Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache subversion 1.8.0 vulnerabilities and exploits

(subscribe to this query)

2.4
CVSSv2
CVE-2013-4262
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py...
Apache Subversion 1.8.0Apache Subversion 1.8.1Apache Subversion 1.8.2
6.5
CVSSv2
CVE-2013-4246
libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might allow remote authenticated users with commit access to corrupt FSFS repositories and cause a denial of service or obtain sensitive information by editing packed revision properties....
Apache Subversion 1.8.0Apache Subversion 1.8.1
2.4
CVSSv2
CVE-2013-7393
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on...
Apache Subversion 1.8.0Apache Subversion 1.8.1
4.3
CVSSv2
CVE-2014-0032
The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods...
Apache Subversion 1.8.0Apache Subversion 1.8.1Apache Subversion 1.8.2Apache Subversion 1.8.3Apache Subversion 1.8.4Apache Subversion 1.8.5Apache Subversion 1.7.0Apache Subversion 1.7.1Apache Subversion 1.7.2Apache Subversion 1.7.3Apache Subversion 1.7.4Apache Subversion 1.7.5Apache Subversion 1.7.6Apache Subversion 1.7.7Apache Subversion 1.7.8Apache Subversion 1.7.9Apache Subversion 1.7.10Apache Subversion 1.7.11Apache Subversion 1.7.12Apache Subversion 1.7.13Apache Subversion
4
CVSSv2
CVE-2013-4131
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a...
Apache Subversion 1.7.0Apache Subversion 1.7.1Apache Subversion 1.7.2Apache Subversion 1.7.3Apache Subversion 1.7.4Apache Subversion 1.7.5Apache Subversion 1.7.6Apache Subversion 1.7.7Apache Subversion 1.7.8Apache Subversion 1.7.9Apache Subversion 1.7.10Apache Subversion 1.8.0
5
CVSSv2
CVE-2015-3184
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name....
Apple XcodeApache Subversion 1.7.0Apache Subversion 1.7.1Apache Subversion 1.7.2Apache Subversion 1.7.3Apache Subversion 1.7.4Apache Subversion 1.7.5Apache Subversion 1.7.6Apache Subversion 1.7.7Apache Subversion 1.7.8Apache Subversion 1.7.9Apache Subversion 1.7.10Apache Subversion 1.7.11Apache Subversion 1.7.12Apache Subversion 1.7.13Apache Subversion 1.7.14Apache Subversion 1.7.15Apache Subversion 1.7.16Apache Subversion 1.7.17Apache Subversion 1.7.18Apache Subversion 1.7.19Apache Subversion 1.7.20Apache Subversion 1.8.0Apache Subversion 1.8.1Apache Subversion 1.8.2Apache Subversion 1.8.3Apache Subversion 1.8.4Apache Subversion 1.8.5Apache Subversion 1.8.6Apache Subversion 1.8.7Apache Subversion 1.8.8Apache Subversion 1.8.9Apache Subversion 1.8.10Apache Subversion 1.8.11Apache Subversion 1.8.13
7.8
CVSSv2
CVE-2015-0202
The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes....
Apache Subversion 1.8.0Apache Subversion 1.8.1Apache Subversion 1.8.2Apache Subversion 1.8.3Apache Subversion 1.8.4Apache Subversion 1.8.5Apache Subversion 1.8.6Apache Subversion 1.8.7Apache Subversion 1.8.8Apache Subversion 1.8.9Apache Subversion 1.8.10Apache Subversion 1.8.11Opensuse Opensuse 13.1Opensuse Opensuse 13.2
4
CVSSv2
CVE-2015-0251
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences....
Apache Subversion 1.5.0Apache Subversion 1.5.1Apache Subversion 1.5.2Apache Subversion 1.5.3Apache Subversion 1.5.4Apache Subversion 1.5.5Apache Subversion 1.5.6Apache Subversion 1.5.7Apache Subversion 1.5.8Apache Subversion 1.6.0Apache Subversion 1.6.1Apache Subversion 1.6.2Apache Subversion 1.6.3Apache Subversion 1.6.4Apache Subversion 1.6.5Apache Subversion 1.6.6Apache Subversion 1.6.7Apache Subversion 1.6.8Apache Subversion 1.6.9Apache Subversion 1.6.10Apache Subversion 1.6.11Apache Subversion 1.6.12Apache Subversion 1.6.13Apache Subversion 1.6.14Apache Subversion 1.6.15Apache Subversion 1.6.16Apache Subversion 1.6.17Apache Subversion 1.6.18Apache Subversion 1.6.19Apache Subversion 1.6.20Apache Subversion 1.6.21Apache Subversion 1.6.23Apache Subversion 1.7.0Apache Subversion 1.7.1Apache Subversion 1.7.2Apache Subversion 1.7.3Apache Subversion 1.7.4Apache Subversion 1.7.5Apache Subversion 1.7.6Apache Subversion 1.7.7Apache Subversion 1.7.8Apache Subversion 1.7.9Apache Subversion 1.7.10Apache Subversion 1.7.11Apache Subversion 1.7.12Apache Subversion 1.7.13Apache Subversion 1.7.14Apache Subversion 1.7.15Apache Subversion 1.7.16Apache Subversion 1.7.17Apache Subversion 1.7.18Apache Subversion 1.7.19Apache Subversion 1.8.0Apache Subversion 1.8.1Apache Subversion 1.8.2Apache Subversion 1.8.3Apache Subversion 1.8.4Apache Subversion 1.8.5Apache Subversion 1.8.6Apache Subversion 1.8.7Apache Subversion 1.8.8Apache Subversion 1.8.9Apache Subversion 1.8.10Apache Subversion 1.8.11Opensuse Opensuse 13.1Opensuse Opensuse 13.2Redhat Enterprise Linux Desktop 6.0Redhat Enterprise Linux Hpc Node 6.0Redhat Enterprise Linux Server 6.0Redhat Enterprise Linux Server Eus 6.7.zRedhat Enterprise Linux Workstation 6.0Oracle Solaris 11.3Apple Xcode 7.0
2.6
CVSSv2
CVE-2013-4505
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request....
Apache Mod Dontdothat -Apache Subversion 1.4.0Apache Subversion 1.4.1Apache Subversion 1.4.2Apache Subversion 1.4.3Apache Subversion 1.4.4Apache Subversion 1.4.5Apache Subversion 1.4.6Apache Subversion 1.5.0Apache Subversion 1.5.1Apache Subversion 1.5.2Apache Subversion 1.5.3Apache Subversion 1.5.4Apache Subversion 1.5.5Apache Subversion 1.5.6Apache Subversion 1.5.7Apache Subversion 1.5.8Apache Subversion 1.6.0Apache Subversion 1.6.1Apache Subversion 1.6.2Apache Subversion 1.6.3Apache Subversion 1.6.4Apache Subversion 1.6.5Apache Subversion 1.6.6Apache Subversion 1.6.7Apache Subversion 1.6.8Apache Subversion 1.6.9Apache Subversion 1.6.10Apache Subversion 1.6.11Apache Subversion 1.6.12Apache Subversion 1.6.13Apache Subversion 1.6.14Apache Subversion 1.6.15Apache Subversion 1.6.16Apache Subversion 1.6.17Apache Subversion 1.6.18Apache Subversion 1.6.19Apache Subversion 1.6.20Apache Subversion 1.6.21Apache Subversion 1.6.23Apache Subversion 1.7.0Apache Subversion 1.7.1Apache Subversion 1.7.2Apache Subversion 1.7.3Apache Subversion 1.7.4Apache Subversion 1.7.5Apache Subversion 1.7.6Apache Subversion 1.7.7Apache Subversion 1.7.8Apache Subversion 1.7.9Apache Subversion 1.7.10Apache Subversion 1.7.11Apache Subversion 1.7.12Apache Subversion 1.8.1
4
CVSSv2
CVE-2016-8734
Apache Subversion's mod_dontdothat module and HTTP clients 1.4.0 through 1.8.16, and 1.9.0 through 1.9.4 are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack can cause the targeted process to consume an excessive amount of CPU...
Apache Subversion 1.4.0Apache Subversion 1.4.1Apache Subversion 1.4.2Apache Subversion 1.4.3Apache Subversion 1.4.4Apache Subversion 1.4.5Apache Subversion 1.4.6Apache Subversion 1.5.0Apache Subversion 1.5.1Apache Subversion 1.5.2Apache Subversion 1.5.3Apache Subversion 1.5.4Apache Subversion 1.5.5Apache Subversion 1.5.6Apache Subversion 1.5.7Apache Subversion 1.5.8Apache Subversion 1.6.0Apache Subversion 1.6.1Apache Subversion 1.6.2Apache Subversion 1.6.3Apache Subversion 1.6.4Apache Subversion 1.6.5Apache Subversion 1.6.6Apache Subversion 1.6.7Apache Subversion 1.6.8Apache Subversion 1.6.9Apache Subversion 1.6.10Apache Subversion 1.6.11Apache Subversion 1.6.12Apache Subversion 1.6.13Apache Subversion 1.6.14Apache Subversion 1.6.15Apache Subversion 1.6.16Apache Subversion 1.6.17Apache Subversion 1.6.18Apache Subversion 1.6.19Apache Subversion 1.6.20Apache Subversion 1.6.21Apache Subversion 1.6.23Apache Subversion 1.7.0Apache Subversion 1.7.1Apache Subversion 1.7.2Apache Subversion 1.7.3Apache Subversion 1.7.4Apache Subversion 1.7.5Apache Subversion 1.7.6Apache Subversion 1.7.7Apache Subversion 1.7.8Apache Subversion 1.7.9Apache Subversion 1.7.10Apache Subversion 1.7.11Apache Subversion 1.7.12Apache Subversion 1.7.13Apache Subversion 1.7.14Apache Subversion 1.7.15Apache Subversion 1.7.16Apache Subversion 1.7.17Apache Subversion 1.7.18Apache Subversion 1.7.19Apache Subversion 1.7.20Apache Subversion 1.8.0Apache Subversion 1.8.1Apache Subversion 1.8.2Apache Subversion 1.8.3Apache Subversion 1.8.4Apache Subversion 1.8.5Apache Subversion 1.8.6Apache Subversion 1.8.7Apache Subversion 1.8.8Apache Subversion 1.8.9Apache Subversion 1.8.10Apache Subversion 1.8.11Apache Subversion 1.8.12Apache Subversion 1.8.13Apache Subversion 1.8.14Apache Subversion 1.8.15Apache Subversion 1.8.16Apache Subversion 1.9.0Apache Subversion 1.9.1Apache Subversion 1.9.2Apache Subversion 1.9.3Apache Subversion 1.9.4Debian Debian Linux 8.0Debian Debian Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
byte structXSSCVE-2021-27065byte struct projectquinnNULL pointer dereferenceCVE-2021-25336CVE-2021-27907CVE-2021-26858CVE-2021-25339local usersinternmentCVE-2021-28032