EUVD-2010-3313

Malware in sbrugna...

Information Disclosure

subversion is vulnerable to information disclosure. An information disclosure flaw was found in the way the moddavsvn module processed certain URLs when path-based access control for files and directories was enabled. A malicious, remote user could possibly use this flaw to access certain files i...

Denial Of Service (DoS)

subversion is vulnerable to denial of service. An infinite loop flaw was found in the way the moddavsvn module processed certain data sets. If the SVNPathAuthz directive was set to "shortcircuit", and path-based access control for files and directories was enabled, a malicious, remote user could...

Scientific Linux Security Update : subversion on SL6.x i386/x86_64

An access restriction bypass flaw was found in the moddavsvn module. If the SVNPathAuthz directive was set to 'shortcircuit', certain access rules were not enforced, possibly allowing sensitive repository data to be leaked to remote users. Note that SVNPathAuthz is set to 'On' by default...

CVE-2011-1783

The moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz shortcircuit option is enabled, allows remote attackers to cause a denial of service infinite loop and memory consumption in opportunistic circumstances by...

CVE-2011-1783

The moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz shortcircuit option is enabled, allows remote attackers to cause a denial of service infinite loop and memory consumption in opportunistic circumstances by...

CVE-2011-1783

The moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz shortcircuit option is enabled, allows remote attackers to cause a denial of service infinite loop and memory consumption in opportunistic circumstances by...

Moderate: Red Hat Security Advisory: subversion security update

Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

Fedora 13 : subversion-1.6.13-1.fc13 (2010-16136)

This update includes the latest stable release of Subversion, version 1.6.13. Subversion servers up to 1.6.12 inclusive making use of the 'SVNPathAuthz shortcircuit' moddavsvn configuration setting have a bug which may allow users to write and/or read portions of the repository to which they are...

Fedora 14 : subversion-1.6.13-1.fc14 (2010-16148)

This update includes the latest stable release of Subversion, version 1.6.13. Subversion servers up to 1.6.12 inclusive making use of the 'SVNPathAuthz shortcircuit' moddavsvn configuration setting have a bug which may allow users to write and/or read portions of the repository to which they are...

DSA-2118-1 subversion - authentication bypass

Bulletin has no description...

CVE-2010-3315

authz.c in the moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz shortcircuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass...