4.3
CVSSv2

CVE-2011-0715

Published: 11/03/2011 Updated: 19/09/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion prior to 1.6.16, allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

Vendor Advisories

An attacker could send crafted input to the Subversion mod_dav_svn module for Apache and cause it to crash ...
Philip Martin discovered that HTTP-based Subversion servers crash when processing lock requests on repositories which support unauthenticated read access For the oldstable distribution (lenny), this problem has been fixed in version 151dfsg1-6 For the stable distribution (squeeze), this problem has been fixed in version 1612dfsg-5 For the te ...

References

NVD-CWE-Otherhttp://www.osvdb.org/70964https://bugzilla.redhat.com/show_bug.cgi?id=680755http://secunia.com/advisories/43603http://svn.apache.org/viewvc?view=revision&revision=1071307http://svn.haxx.se/dev/archive-2011-03/0122.shtmlhttp://svn.apache.org/viewvc?view=revision&revision=1071239http://www.securityfocus.com/bid/46734https://rhn.redhat.com/errata/RHSA-2011-0328.htmlhttp://svn.apache.org/repos/asf/subversion/tags/1.6.16/CHANGEShttp://subversion.apache.org/security/CVE-2011-0715-advisory.txthttp://www.debian.org/security/2011/dsa-2181http://www.vupen.com/english/advisories/2011/0567http://securitytracker.com/id?1025161https://rhn.redhat.com/errata/RHSA-2011-0327.htmlhttp://www.vupen.com/english/advisories/2011/0624http://www.vupen.com/english/advisories/2011/0568http://secunia.com/advisories/43583http://secunia.com/advisories/43672http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.479953http://www.vupen.com/english/advisories/2011/0660http://www.vupen.com/english/advisories/2011/0684http://secunia.com/advisories/43794http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056736.htmlhttp://www.vupen.com/english/advisories/2011/0776http://www.ubuntu.com/usn/USN-1096-1http://www.vupen.com/english/advisories/2011/0885http://www.mandriva.com/security/advisories?name=MDVSA-2011:067http://support.apple.com/kb/HT4723http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-March/056072.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-March/056071.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/65876https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18967http://tools.cisco.com/security/center/viewAlert.x?alertId=22599https://usn.ubuntu.com/1096-1/https://nvd.nist.gov