Subversion@1.6.0 Security Vulnerabilities and Issues — Subversion@1.6.0 CVE List

Lucene search

ApacheSubversion1.6.0

22 matches found

CVE•added 2015/04/08 6:59 p.m.•114 views

CVE-2015-0248

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.

5CVSS7.9AI score0.14762EPSS

CVE•added 2015/04/08 6:59 p.m.•107 views

CVE-2015-0251

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.

4CVSS7.7AI score0.01327EPSS

CVE•added 2017/10/16 1:29 p.m.•84 views

CVE-2016-8734

Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU resources or memory.

6.5CVSS6.7AI score0.07973EPSS

CVE•added 2013/05/02 2:55 p.m.•75 views

CVE-2013-1846

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.

4CVSS5.9AI score0.01331EPSS

CVE•added 2014/12/18 3:59 p.m.•75 views

CVE-2014-3580

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

5CVSS8.7AI score0.14945EPSS

CVE•added 2014/08/19 6:55 p.m.•71 views

CVE-2014-3528

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.

4CVSS8.6AI score0.02946EPSS

CVE•added 2013/07/31 1:20 p.m.•70 views

CVE-2013-2088

contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.

7.1CVSS7.1AI score0.0503EPSS

CVE•added 2014/12/18 3:59 p.m.•69 views

CVE-2014-8108

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.

5CVSS8.7AI score0.059EPSS

CVE•added 2013/05/02 2:55 p.m.•68 views

CVE-2013-1845

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.

2.1CVSS6AI score0.01483EPSS

CVE•added 2013/07/31 1:20 p.m.•68 views

CVE-2013-2112

The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.

7.8CVSS6.2AI score0.03541EPSS

CVE•added 2013/05/02 2:55 p.m.•65 views

CVE-2013-1847

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.

5CVSS6.3AI score0.42898EPSS

CVE•added 2013/05/02 2:55 p.m.•64 views

CVE-2013-1849

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.

4.3CVSS6.3AI score0.14496EPSS

CVE•added 2014/08/19 6:55 p.m.•64 views

CVE-2014-3522

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

4CVSS8.3AI score0.01595EPSS

CVE•added 2014/08/19 6:55 p.m.•62 views

CVE-2014-3504

The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7 does not properly handle a NUL byte in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attacker...

4CVSS8AI score0.02649EPSS

CVE•added 2010/10/04 9:0 p.m.•61 views

CVE-2010-3315

authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass in...

6CVSS5.9AI score0.004EPSS

CVE•added 2011/06/06 7:55 p.m.•60 views

CVE-2011-1921

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to...

4.3CVSS6AI score0.04866EPSS

CVE•added 2011/03/11 10:55 p.m.•58 views

CVE-2011-0715

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.

4.3CVSS5.4AI score0.12113EPSS

CVE•added 2011/01/07 7:0 p.m.•57 views

CVE-2010-4539

The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath coll...

6.8CVSS6AI score0.0111EPSS

CVE•added 2013/07/31 1:20 p.m.•55 views

CVE-2013-1968

Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.

5.5CVSS5.9AI score0.00523EPSS

CVE•added 2011/01/07 7:0 p.m.•54 views

CVE-2010-4644

Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.

3.5CVSS6AI score0.01041EPSS

CVE•added 2013/09/16 7:14 p.m.•54 views

CVE-2013-4277

Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.

3.3CVSS6.1AI score0.00231EPSS

CVE•added 2013/12/07 8:55 p.m.•47 views

CVE-2013-4505

The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.

2.6CVSS6.5AI score0.01539EPSS