14 matches found
CVE-2021-28544
CVE-2021-28544 affects Apache Subversion (subversion) by leaking the copyfrom path in path-based authz protected copy operations. Affected components include httpd and svnserve services; root cause is disclosure of the original node’s copyfrom path, not its contents. Exploitation details are not ...
CVE-2015-0251
CVE-2015-0251 affects Subversion’s mod_dav_svn server. The vulnerability arises from improper handling of the svn:author property in crafted v1 HTTP protocol request sequences, allowing remote authenticated users to spoof author information. Affected products/versions include Subversion 1.5.0–1.7...
CVE-2024-46901
CVE-2024-46901 affects Apache Subversion when serving repositories via mod_dav_svn. It arises from insufficient validation of filenames against control characters, allowing authenticated users with commit access to commit a corrupted revision and disrupt repository usage. All Subversion versions ...
CVE-2015-3187
CVE-2015-3187 affects Apache Subversion: the svn_repos_trace_node_locations function in Subversion before 1.7.21 and in 1.8.x before 1.8.14 can disclose sensitive path information. When path-based authorization is used, remote authenticated users could read the history of a node that has been mov...
CVE-2011-1783
The CVE-2011-1783 issue affects the mod_dav_svn Apache module distributed with Apache Subversion 1.5.x and 1.6.x up to 1.6.17. When SVNPathAuthz short_circuit is enabled, a remote attacker can trigger an infinite loop that leads to memory consumption and, in opportunistic circumstances, a denial ...
CVE-2014-0032
CVE-2014-0032 affects the Apache Subversion mod_dav_svn module. When SVNListParentPath is enabled, get_resource in repos.c allows remote attackers to trigger a crash (DoS) by sending requests with the server root and non-GET methods (e.g., svn ls http://svn.example.com). Affected are Subversion v...
CVE-2014-3528
CVE-2014-3528 affects Apache Subversion: cached credentials are protected by an MD5 hash of the URL and authentication realm. Subversion 1.0.0–1.7.x (before 1.7.17) and 1.8.x (before 1.8.10) store credentials in this manner, which may allow a remote server to obtain credentials via a crafted auth...
CVE-2013-1846
CVE-2013-1846 affects Subversion’s mod_dav_svn (Apache httpd). Priviledge: remote authenticated user. Vulnerable: Subversion 1.6.x before 1.6.21 and 1.7.0–1.7.8; impact: crashes via LOCK requests against activity URLs (denial of service). Mitigation: upgrade to Subversion 1.6.21 or 1.7.9 (or late...
CVE-2014-3522
The CVE-2014-3522 vulnerability affects Subversion’s Serf RA layer, where wildcards in X.509 CN/subjectAltName are not properly validated, enabling MITM certificate spoofing. Affected: Subversion Serf-based TLS for versions 1.4.0–1.7.x before 1.7.18 and 1.8.x before 1.8.10. Impact: potential disc...
CVE-2013-1849
Subversion's mod_dav_svn (Apache httpd) is affected by CVE-2013-1849: a denial-of-service caused by a NULL pointer dereference triggered by a PROPFIND request for an activity URL. Affected versions are Subversion 1.6.x up to 1.6.20 and 1.7.0 through 1.7.8. No explicit patch or fixed version is pr...
CVE-2011-0715
Summary: CVE-2011-0715 affects the Subversion mod_dav_svn module in Apache HTTP Server. Affected software/versions: Apache Subversion prior to 1.6.16 (mod_dav_svn). Root cause: Remote attacker can trigger a NULL pointer dereference in the module when handling lock tokens. Impact: Denial of servic...
CVE-2011-1921
CVE-2011-1921 affects the Subversion mod_dav_svn Apache module in Subversion 1.5.x/1.6.x before 1.6.17. When SVNPathAuthz short_circuit is disabled, it fails to enforce permissions for files that were publicly readable in the past, allowing remote attackers to read sensitive information via a rep...
CVE-2014-3504
CVE-2014-3504 (Serf) affects the Serf SSL certificate handling in Serf 0.2.0–1.3.x prior to 1.3.7, where a NUL byte in a domain name within the certificate’s subject CN could allow a remote attacker to spoof an SSL server (MITM). The issue stems from improper parsing/validation of CN in X.509 cer...
CVE-2013-4131
CVE-2013-4131 affects Subversion’s mod_dav_svn in the Apache httpd module. Versions 1.7.0–1.7.10 and 1.8.x prior to 1.8.1 can be remotely triggered by authenticated users through certain COPY, DELETE, or MOVE requests against a revision root to cause a denial of service (assertion failure or out-...