Lucene search
K
ApacheSubversion

14 matches found

CVE
CVE
added 2022/04/12 5:50 p.m.197 views

CVE-2021-28544

CVE-2021-28544 affects Apache Subversion (subversion) by leaking the copyfrom path in path-based authz protected copy operations. Affected components include httpd and svnserve services; root cause is disclosure of the original node’s copyfrom path, not its contents. Exploitation details are not ...

4.3CVSS5.7AI score0.02788EPSS
CVE
CVE
added 2015/04/08 6:0 p.m.132 views

CVE-2015-0251

CVE-2015-0251 affects Subversion’s mod_dav_svn server. The vulnerability arises from improper handling of the svn:author property in crafted v1 HTTP protocol request sequences, allowing remote authenticated users to spoof author information. Affected products/versions include Subversion 1.5.0–1.7...

4CVSS7.7AI score0.07558EPSS
CVE
CVE
added 2024/12/09 9:36 a.m.123 views

CVE-2024-46901

CVE-2024-46901 affects Apache Subversion when serving repositories via mod_dav_svn. It arises from insufficient validation of filenames against control characters, allowing authenticated users with commit access to commit a corrupted revision and disrupt repository usage. All Subversion versions ...

4.3CVSS3.9AI score0.01943EPSS
CVE
CVE
added 2015/08/12 2:0 p.m.115 views

CVE-2015-3187

CVE-2015-3187 affects Apache Subversion: the svn_repos_trace_node_locations function in Subversion before 1.7.21 and in 1.8.x before 1.8.14 can disclose sensitive path information. When path-based authorization is used, remote authenticated users could read the history of a node that has been mov...

4CVSS7.3AI score0.06464EPSS
CVE
CVE
added 2011/06/06 7:0 p.m.113 views

CVE-2011-1783

The CVE-2011-1783 issue affects the mod_dav_svn Apache module distributed with Apache Subversion 1.5.x and 1.6.x up to 1.6.17. When SVNPathAuthz short_circuit is enabled, a remote attacker can trigger an infinite loop that leads to memory consumption and, in opportunistic circumstances, a denial ...

4.3CVSS6.2AI score0.06742EPSS
CVE
CVE
added 2014/02/14 3:0 p.m.113 views

CVE-2014-0032

CVE-2014-0032 affects the Apache Subversion mod_dav_svn module. When SVNListParentPath is enabled, get_resource in repos.c allows remote attackers to trigger a crash (DoS) by sending requests with the server root and non-GET methods (e.g., svn ls http://svn.example.com). Affected are Subversion v...

4.3CVSS7.9AI score0.11052EPSS
CVE
CVE
added 2014/08/19 6:0 p.m.103 views

CVE-2014-3528

CVE-2014-3528 affects Apache Subversion: cached credentials are protected by an MD5 hash of the URL and authentication realm. Subversion 1.0.0–1.7.x (before 1.7.17) and 1.8.x (before 1.8.10) store credentials in this manner, which may allow a remote server to obtain credentials via a crafted auth...

4CVSS8.6AI score0.07495EPSS
CVE
CVE
added 2013/05/02 2:0 p.m.99 views

CVE-2013-1846

CVE-2013-1846 affects Subversion’s mod_dav_svn (Apache httpd). Priviledge: remote authenticated user. Vulnerable: Subversion 1.6.x before 1.6.21 and 1.7.0–1.7.8; impact: crashes via LOCK requests against activity URLs (denial of service). Mitigation: upgrade to Subversion 1.6.21 or 1.7.9 (or late...

4CVSS5.9AI score0.06725EPSS
CVE
CVE
added 2014/08/19 6:0 p.m.93 views

CVE-2014-3522

The CVE-2014-3522 vulnerability affects Subversion’s Serf RA layer, where wildcards in X.509 CN/subjectAltName are not properly validated, enabling MITM certificate spoofing. Affected: Subversion Serf-based TLS for versions 1.4.0–1.7.x before 1.7.18 and 1.8.x before 1.8.10. Impact: potential disc...

4CVSS8.3AI score0.05581EPSS
CVE
CVE
added 2013/05/02 2:0 p.m.89 views

CVE-2013-1849

Subversion's mod_dav_svn (Apache httpd) is affected by CVE-2013-1849: a denial-of-service caused by a NULL pointer dereference triggered by a PROPFIND request for an activity URL. Affected versions are Subversion 1.6.x up to 1.6.20 and 1.7.0 through 1.7.8. No explicit patch or fixed version is pr...

4.3CVSS6.3AI score0.08845EPSS
CVE
CVE
added 2011/03/11 10:0 p.m.88 views

CVE-2011-0715

Summary: CVE-2011-0715 affects the Subversion mod_dav_svn module in Apache HTTP Server. Affected software/versions: Apache Subversion prior to 1.6.16 (mod_dav_svn). Root cause: Remote attacker can trigger a NULL pointer dereference in the module when handling lock tokens. Impact: Denial of servic...

4.3CVSS5.4AI score0.06309EPSS
CVE
CVE
added 2011/06/06 7:0 p.m.88 views

CVE-2011-1921

CVE-2011-1921 affects the Subversion mod_dav_svn Apache module in Subversion 1.5.x/1.6.x before 1.6.17. When SVNPathAuthz short_circuit is disabled, it fails to enforce permissions for files that were publicly readable in the past, allowing remote attackers to read sensitive information via a rep...

4.3CVSS6AI score0.05993EPSS
CVE
CVE
added 2014/08/19 6:0 p.m.85 views

CVE-2014-3504

CVE-2014-3504 (Serf) affects the Serf SSL certificate handling in Serf 0.2.0–1.3.x prior to 1.3.7, where a NUL byte in a domain name within the certificate’s subject CN could allow a remote attacker to spoof an SSL server (MITM). The issue stems from improper parsing/validation of CN in X.509 cer...

4CVSS8AI score0.0315EPSS
CVE
CVE
added 2013/07/31 10:0 a.m.74 views

CVE-2013-4131

CVE-2013-4131 affects Subversion’s mod_dav_svn in the Apache httpd module. Versions 1.7.0–1.7.10 and 1.8.x prior to 1.8.1 can be remotely triggered by authenticated users through certain COPY, DELETE, or MOVE requests against a revision root to cause a denial of service (assertion failure or out-...

4CVSS6.1AI score0.04383EPSS