Subversion Security Vulnerabilities and Issues — Subversion CVE List

Lucene search

ApacheSubversion

8 matches found

CVE•added 2015/08/12 2:59 p.m.•177 views

CVE-2015-3184

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.

5CVSS7.6AI score0.21349EPSS

CVE•added 2015/04/08 6:59 p.m.•114 views

CVE-2015-0248

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.

5CVSS7.9AI score0.14762EPSS

CVE•added 2011/06/06 7:55 p.m.•92 views

CVE-2011-1752

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.

5CVSS6.2AI score0.0833EPSS

CVE•added 2014/12/18 3:59 p.m.•75 views

CVE-2014-3580

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

5CVSS8.7AI score0.14945EPSS

CVE•added 2014/12/18 3:59 p.m.•69 views

CVE-2014-8108

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.

5CVSS8.7AI score0.059EPSS

CVE•added 2013/05/02 2:55 p.m.•65 views

CVE-2013-1847

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.

5CVSS6.3AI score0.42898EPSS

CVE•added 2013/07/31 1:20 p.m.•55 views

CVE-2013-1968

Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.

5.5CVSS5.9AI score0.00523EPSS

CVE•added 2013/05/02 2:55 p.m.•46 views

CVE-2013-1884

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.

5CVSS6.3AI score0.26312EPSS