8 matches found
CVE-2015-3184
CVE-2015-3184 affects Subversion’s mod_authz_svn when used with Apache httpd 2.4.x. The issue is an improper restriction of anonymous access in Subversion 1.7.x (before 1.7.21) and 1.8.x (before 1.8.14), which allows remote anonymous users to read hidden files via the path name. Affected product:...
CVE-2015-0248
CVE-2015-0248 affects Subversion (mod_dav_svn and svnserve) versions 1.6.0–1.7.19 and 1.8.0–1.8.11. The issue is an assertion failure DoS triggered by crafted requests with dynamically evaluated revision numbers, potentially crashing the server. Multiple connected advisories confirm this vulnerab...
CVE-2011-1752
This CVE affects Subversion 1.6.x prior to 1.6.17, specifically the mod_dav_svn Apache module. The root cause is a NULL pointer dereference when handling baselined WebDAV resource requests, allowing remote attackers to cause a denial of service (daemon crash). The issue is noted as exploited in t...
CVE-2014-3580
CVE-2014-3580 affects the mod_dav_svn component of Apache Subversion (1.x) prior to 1.7.19 and 1.8.x prior to 1.8.11. A remote attacker can trigger a NULL pointer dereference via a REPORT request for a non-existent resource , causing a denial of service and server crash. Connected sources documen...
CVE-2014-8108
The CVE-2014-8108 issue affects the Apache Subversion mod_dav_svn module. According to connected docs, Subversion 1.7.x is vulnerable before 1.7.19 and 1.8.x is vulnerable before 1.8.11, where a remote attacker can trigger a NULL pointer dereference by requesting a URI that causes a lookup for a ...
CVE-2013-1968
CVE-2013-1968 affects Subversion with FSFS repositories, where a newline in a filename can be exploited to corrupt the repository and cause denial of service. Public reports from multiple vendors describe vulnerable ranges as Subversion releases before 1.6.23 and 1.7.x before 1.7.10. Connected ad...
CVE-2013-1847
CVE-2013-1847 is a denial-of-service in Subversion via the mod_dav_svn Apache HTTPD module. The issue occurs when an anonymous LOCK is issued for a URL that does not exist, triggering crashes (NULL pointer dereference) in vulnerable Subversion versions. Affected are Subversion mod_dav_svn on Apac...
CVE-2013-1884
CVE-2013-1884 affects Subversion's mod_dav_svn for Apache httpd. In Subversion 1.7.0–1.7.8, a log REPORT request with an invalid limit can trigger an access of an uninitialized variable, causing a denial of service (segmentation fault/crash). Exploitation context: remote attacker via HTTP. The re...