6 matches found
CVE-2018-11782
CVE-2018-11782 affects Subversion's svnserve service. A specially crafted read-only request could cause svnserve to exit/crash, enabling remote denial of service. Public details confirm the issue in Subversion servers prior to versions 1.9.10, 1.10.4, and 1.12.0, with root cause tied to the svnse...
CVE-2016-2167
The vulnerability CVE-2016-2167 affects Apache Subversion: the canonicalize_username function in svnserve/cyrus_auth.c, when Cyrus SASL is used, may allow remote authentication bypass by using a realm string that prefixes the expected repository realm. Affected versions are Subversion 1.8.x befor...
CVE-2016-2168
CVE-2016-2168 affects Apache Subversion’s httpd-based Subversion server, specifically the mod_authz_svn module. The issue arises in the req_check_access path, allowing remote authenticated users to trigger a denial of service (NULL pointer dereference and crash) via a crafted header in a MOVE or ...
CVE-2016-8734
CVE-2016-8734 affects Apache Subversion’s mod_dontdothat and HTTP(S) clients (versions 1.4.0–1.8.16 and 1.9.0–1.9.4). The root cause is exponential XML entity expansion, leading to denial-of-service via high CPU/memory usage. Multiple advisories confirm impact across distros (Debian, Mageia, Fedo...
CVE-2010-4539
CVE-2010-4539 affects Apache Subversion's mod_dav_svn in versions shipped with Subversion prior to 1.6.15. The vulnerability is caused by a flaw in the walk function (repos.c) when processing SVNParentPath collections, allowing remote authenticated users to trigger a NULL pointer dereference and ...
CVE-2010-3315
CVE-2010-3315 affects Apache Subversion’s mod_dav_svn: when SVNPathAuthz short_circuit is enabled, authz.c fails to correctly handle a named repository as a rule scope, allowing remote authenticated users to bypass access restrictions via svn commands. Vulnerable products/versions: Apache Subvers...