5 matches found
Medium: subversion
Issue Overview: The isthislegal function in moddontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service resource consumption via a relative URL in a REPORT request. The...
CVE-2013-4558
The getparentresource function in repos.c in moddavsvn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service assertion failure and Apache...
CVE-2013-4558
The getparentresource function in repos.c in moddavsvn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service assertion failure and Apache...
CVE-2013-4558
The getparentresource function in repos.c in moddavsvn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service assertion failure and Apache...
Updated subversion package fixes security vulnerabilities
moddontdothat allows you to block update REPORT requests against certain paths in the repository. It expects the paths in the REPORT request to be absolute URLs. Serf based clients send relative URLs instead of absolute URLs in many cases. As a result these clients are not blocked as configured b...