CVE-2018-11782
CVE-2018-11782 affects Subversion's svnserve service. A specially crafted read-only request could cause svnserve to exit/crash, enabling remote denial of service. Public details confirm the issue in Subversion servers prior to versions 1.9.10, 1.10.4, and 1.12.0, with root cause tied to the svnse...
CVE-2022-24070
CVE-2022-24070 affects Subversion’s mod_dav_svn, where a use-after-free during path-based authorization lookups can lead to memory corruption and likely denial-of-service (HTTPD worker crash). The affected range is Subversion mod_dav_svn servers 1.10.0 through 1.14.1 (inclusive); other Subversion...
CVE-2017-9800
CVE-2017-9800: A malicious svn+ssh URL could cause Subversion clients to execute an arbitrary shell command. Affected are Subversion clients before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3. The issue arises from improper handling/input validation of svn+ssh URLs, and a mali...
CVE-2020-17525
CVE-2020-17525 affects Subversion’s mod_authz_svn. A crash occurs when using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client requests a non-existent repository URL, potentially disrupting service. Fixed in various builds: mod_dav_svn + mod_authz_svn servers ...
CVE-2019-0203
The CVE-2019-0203 issue affects Apache Subversion’s svnserve where certain protocol sequences can cause the svnserve process to exit, leading to a remote denial of service. Impact is disruption of service for Subversion servers. Affected Subversion releases include up to 1.9.10, 1.10.4, and 1.12....
CVE-2015-3184
CVE-2015-3184 affects Subversion’s mod_authz_svn when used with Apache httpd 2.4.x. The issue is an improper restriction of anonymous access in Subversion 1.7.x (before 1.7.21) and 1.8.x (before 1.8.14), which allows remote anonymous users to read hidden files via the path name. Affected product:...
CVE-2021-28544
CVE-2021-28544 affects Apache Subversion (subversion) by leaking the copyfrom path in path-based authz protected copy operations. Affected components include httpd and svnserve services; root cause is disclosure of the original node’s copyfrom path, not its contents. Exploitation details are not ...
CVE-2018-11803
CVE-2018-11803 affects Subversion’s mod_dav_svn Apache HTTPD module, specifically versions 1.11.0 and 1.10.0 through 1.10.3, where dereferencing an uninitialized pointer when the client omits the root path during a recursive directory listing can crash the server. The vulnerability is documented ...
CVE-2016-2168
CVE-2016-2168 affects Apache Subversion’s httpd-based Subversion server, specifically the mod_authz_svn module. The issue arises in the req_check_access path, allowing remote authenticated users to trigger a denial of service (NULL pointer dereference and crash) via a crafted header in a MOVE or ...
CVE-2016-2167
The vulnerability CVE-2016-2167 affects Apache Subversion: the canonicalize_username function in svnserve/cyrus_auth.c, when Cyrus SASL is used, may allow remote authentication bypass by using a realm string that prefixes the expected repository realm. Affected versions are Subversion 1.8.x befor...
CVE-2015-0248
CVE-2015-0248 affects Subversion (mod_dav_svn and svnserve) versions 1.6.0–1.7.19 and 1.8.0–1.8.11. The issue is an assertion failure DoS triggered by crafted requests with dynamically evaluated revision numbers, potentially crashing the server. Multiple connected advisories confirm this vulnerab...
CVE-2015-0251
CVE-2015-0251 affects Subversion’s mod_dav_svn server. The vulnerability arises from improper handling of the svn:author property in crafted v1 HTTP protocol request sequences, allowing remote authenticated users to spoof author information. Affected products/versions include Subversion 1.5.0–1.7...
CVE-2024-46901
CVE-2024-46901 affects Apache Subversion when serving repositories via mod_dav_svn. It arises from insufficient validation of filenames against control characters, allowing authenticated users with commit access to commit a corrupted revision and disrupt repository usage. All Subversion versions ...
CVE-2011-1752
This CVE affects Subversion 1.6.x prior to 1.6.17, specifically the mod_dav_svn Apache module. The root cause is a NULL pointer dereference when handling baselined WebDAV resource requests, allowing remote attackers to cause a denial of service (daemon crash). The issue is noted as exploited in t...
CVE-2015-3187
CVE-2015-3187 affects Apache Subversion: the svn_repos_trace_node_locations function in Subversion before 1.7.21 and in 1.8.x before 1.8.14 can disclose sensitive path information. When path-based authorization is used, remote authenticated users could read the history of a node that has been mov...
CVE-2011-1783
The CVE-2011-1783 issue affects the mod_dav_svn Apache module distributed with Apache Subversion 1.5.x and 1.6.x up to 1.6.17. When SVNPathAuthz short_circuit is enabled, a remote attacker can trigger an infinite loop that leads to memory consumption and, in opportunistic circumstances, a denial ...
CVE-2014-0032
CVE-2014-0032 affects the Apache Subversion mod_dav_svn module. When SVNListParentPath is enabled, get_resource in repos.c allows remote attackers to trigger a crash (DoS) by sending requests with the server root and non-GET methods (e.g., svn ls http://svn.example.com). Affected are Subversion v...
CVE-2016-8734
CVE-2016-8734 affects Apache Subversion’s mod_dontdothat and HTTP(S) clients (versions 1.4.0–1.8.16 and 1.9.0–1.9.4). The root cause is exponential XML entity expansion, leading to denial-of-service via high CPU/memory usage. Multiple advisories confirm impact across distros (Debian, Mageia, Fedo...
CVE-2014-3528
CVE-2014-3528 affects Apache Subversion: cached credentials are protected by an MD5 hash of the URL and authentication realm. Subversion 1.0.0–1.7.x (before 1.7.17) and 1.8.x (before 1.8.10) store credentials in this manner, which may allow a remote server to obtain credentials via a crafted auth...
CVE-2014-3580
CVE-2014-3580 affects the mod_dav_svn component of Apache Subversion (1.x) prior to 1.7.19 and 1.8.x prior to 1.8.11. A remote attacker can trigger a NULL pointer dereference via a REPORT request for a non-existent resource, causing a denial of service and server crash. Connected sources documen...
CVE-2013-1846
CVE-2013-1846 affects Subversion’s mod_dav_svn (Apache httpd). Privilege: remote authenticated user. Vulnerable: Subversion 1.6.x before 1.6.21 and 1.7.0–1.7.8; impact: crashes via LOCK requests against activity URLs (denial of service). Mitigation: upgrade to Subversion 1.6.21 or 1.7.9 (or late...
CVE-2013-1845
CVE-2013-1845 affects Subversion, specifically mod_dav_svn, where a remote authenticated user can trigger a denial of service by setting or deleting a large number of properties. Vulnerable versions are Subversion 1.6.x prior to 1.6.21 and 1.7.0 through 1.7.8. The issue causes memory exhaustion/D...
CVE-2013-2088
CVE-2013-2088 affects Subversion: the pre-commit hook script contrib/hook-scripts/svn-keyword-check.pl can allow remote authenticated users with commit permissions to execute arbitrary commands via a file name containing shell metacharacters. Public references and exploits (e.g., ...
CVE-2014-8108
The CVE-2014-8108 issue affects the Apache Subversion mod_dav_svn module. According to connected docs, Subversion 1.7.x is vulnerable before 1.7.19 and 1.8.x is vulnerable before 1.8.11, where a remote attacker can trigger a NULL pointer dereference by requesting a URI that causes a lookup for a ...
CVE-2013-2112
Subversion vulnerability CVE-2013-2112 affects svnserve in Subversion versions prior to 1.6.23 and 1.7.x prior to 1.7.10. The issue allows remote attackers to cause a denial of service (svnserve exit) by aborting a connection. Documented impact is a DoS affecting the svnserve daemon when handling...
CVE-2010-4539
CVE-2010-4539 affects Apache Subversion's mod_dav_svn in versions shipped with Subversion prior to 1.6.15. The vulnerability is caused by a flaw in the walk function (repos.c) when processing SVNParentPath collections, allowing remote authenticated users to trigger a NULL pointer dereference and ...
CVE-2014-3522
The CVE-2014-3522 vulnerability affects Subversion’s Serf RA layer, where wildcards in X.509 CN/subjectAltName are not properly validated, enabling MITM certificate spoofing. Affected: Subversion Serf-based TLS for versions 1.4.0–1.7.x before 1.7.18 and 1.8.x before 1.8.10. Impact: potential disc...
CVE-2010-3315
CVE-2010-3315 affects Apache Subversion’s mod_dav_svn: when SVNPathAuthz short_circuit is enabled, authz.c fails to correctly handle a named repository as a rule scope, allowing remote authenticated users to bypass access restrictions via svn commands. Vulnerable products/versions: Apache Subvers...
CVE-2011-0715
Summary: CVE-2011-0715 affects the Subversion mod_dav_svn module in Apache HTTP Server. Affected software/versions: Apache Subversion prior to 1.6.16 (mod_dav_svn). Root cause: Remote attacker can trigger a NULL pointer dereference in the module when handling lock tokens. Impact: Denial of servic...
CVE-2011-1921
CVE-2011-1921 affects the Subversion mod_dav_svn Apache module in Subversion 1.5.x/1.6.x before 1.6.17. When SVNPathAuthz short_circuit is disabled, it fails to enforce permissions for files that were publicly readable in the past, allowing remote attackers to read sensitive information via a rep...
CVE-2013-1849
Subversion's mod_dav_svn (Apache httpd) is affected by CVE-2013-1849: a denial-of-service caused by a NULL pointer dereference triggered by a PROPFIND request for an activity URL. Affected versions are Subversion 1.6.x up to 1.6.20 and 1.7.0 through 1.7.8. No explicit patch or fixed version is pr...
CVE-2013-4558
CVE-2013-4558 affects Subversion’s mod_dav_svn in Apache HTTPD when built with assertions and SVNAutoversioning enabled, allowing remote DoS via a non-canonical URL (trailing /). Affected versions: Subversion 1.7.11–1.7.13 and 1.8.1–1.8.4. Root cause: assertion triggered by non-canonical requests...
CVE-2015-5343
CVE-2015-5343 affects Apache Subversion (mod_dav_svn). An integer overflow in util.c can trigger an out-of-bounds read and heap overflow via a skel-encoded request body, allowing remote authenticated users to cause a DoS or possibly execute arbitrary code. Affected versions: Subversion 1.7.x; 1.8...
CVE-2013-1847
CVE-2013-1847 is a denial-of-service in Subversion via the mod_dav_svn Apache HTTPD module. The issue occurs when an anonymous LOCK is issued for a URL that does not exist, triggering crashes (NULL pointer dereference) in vulnerable Subversion versions. Affected are Subversion mod_dav_svn on Apac...
CVE-2010-4644
CVE-2010-4644: In Apache Subversion, memory leaks in rev_hunt.c for versions before 1.6.15 can be exploited by remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command. Multiple connected advisories (e.g., MiracleLinux A...
CVE-2014-3504
CVE-2014-3504 (Serf) affects the Serf SSL certificate handling in Serf 0.2.0–1.3.x prior to 1.3.7, where a NUL byte in a domain name within the certificate’s subject CN could allow a remote attacker to spoof an SSL server (MITM). The issue stems from improper parsing/validation of CN in X.509 cer...
CVE-2013-1968
CVE-2013-1968 affects Subversion with FSFS repositories, where a newline in a filename can be exploited to corrupt the repository and cause denial of service. Public reports from multiple vendors describe vulnerable ranges as Subversion releases before 1.6.23 and 1.7.x before 1.7.10. Connected ad...
CVE-2015-5259
The CVE-2015-5259 issue affects Apache Subversion 1.9.x prior to 1.9.3. It arises from an overflow in the read_string path in libsvn_ra_svn/marshal.c when handling svn:// strings, causing a heap-based buffer overflow and an out-of-bounds read. This is exploitable remotely and can allow an attacke...
CVE-2013-4277
CVE-2013-4277 affects Svnserve in Apache Subversion; affected versions are 1.4.0–1.7.12 and 1.8.0–1.8.1. Local users can overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. Root cause: symlink race on pid-file handling. Impact...
CVE-2015-0202
Summary: Subversion’s mod_dav_svn server (1.8.0–1.8.11) is vulnerable to a denial-of-service via a flood of REPORT requests that trigger traversal of FSFS repository nodes (CVE-2015-0202). Additional related flaws include an assertion DoS on certain requests with dynamic revision numbers (CVE-201...
CVE-2024-45720
CVE-2024-45720 affects Subversion on Windows: a flawed “best fit” character encoding conversion of command-line arguments to svn.exe can cause misinterpretation of arguments, enabling argument injection and execution of other programs. Affected: all Subversion versions up to 1.14.3 on Windows; fi...
CVE-2013-4131
CVE-2013-4131 affects Subversion’s mod_dav_svn in the Apache httpd module. Versions 1.7.0–1.7.10 and 1.8.x prior to 1.8.1 can be remotely triggered by authenticated users through certain COPY, DELETE, or MOVE requests against a revision root to cause a denial of service (assertion failure or out-...
CVE-2013-4505
CVE-2013-4505 affects Apache Subversion: is_this_legal bypasses access restrictions in mod_dontdothat, enabling a remote attacker to trigger resource consumption/DoS via a crafted relative URL in a REPORT request for Subversion 1.4.0–1.7.13 and 1.8.0–1.8.4. Public advisories and OpenVAS/Nessus pl...
CVE-2013-1884
CVE-2013-1884 affects Subversion's mod_dav_svn for Apache httpd. In Subversion 1.7.0–1.7.8, a log REPORT request with an invalid limit can trigger an access of an uninitialized variable, causing a denial of service (segmentation fault/crash). Exploitation context: remote attacker via HTTP. The re...
CVE-2013-4246
CVE-2013-4246 affects Apache Subversion 1.8.x prior to 1.8.2. The vulnerability resides in libsvn_fs_fs/fs_fs.c, which could allow remote authenticated users with commit access to corrupt FSFS repositories and trigger a denial of service or disclose sensitive information by editing packed revisio...
CVE-2013-4262
CVE-2013-4262 concerns Subversion 1.8.0–1.8.3 where the --pidfile option, used with svnwcsub.py, permits local privilege escalation via a symlink attack on the pid file when running in foreground. The related CVE-2013-7393 covers the daemonize.py path that enables privilege gains for either svnwc...
CVE-2013-7393
CVE-2013-7393 affects the Subversion daemonize.py module and applies to Subversion 1.8.0 before 1.8.2. The issue allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. The description notes th...