4 matches found
CVE-2013-1845
CVE-2013-1845 affects Subversion, specifically mod_dav_svn, where a remote authenticated user can trigger a denial of service by setting or deleting a large number of properties. Vulnerable versions are Subversion 1.6.x prior to 1.6.21 and 1.7.0 through 1.7.8. The issue causes memory exhaustion/D...
CVE-2013-4505
CVE-2013-4505 affects Apache Subversion: is_this_legal bypasses access restrictions in mod_dontdothat, enabling a remote attacker to trigger resource consumption/DoS via a crafted relative URL in a REPORT request for Subversion 1.4.0–1.7.13 and 1.8.0–1.8.4. Public advisories and OpenVAS/Nessus pl...
CVE-2013-4262
CVE-2013-4262 concerns Subversion 1.8.0–1.8.3 where the --pidfile option, used with svnwcsub.py, permits local privilege escalation via a symlink attack on the pid file when running in foreground. The related CVE-2013-7393 covers the daemonize.py path that enables privilege gains for either svnwc...
CVE-2013-7393
CVE-2013-7393 affects the Subversion daemonize.py module and applies to Subversion 1.8.0 before 1.8.2. The issue allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. The description notes th...