4
CVSSv2

CVE-2013-1846

Published: 02/05/2013 Updated: 30/10/2018
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Summary

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x prior to 1.6.21 and 1.7.0 up to and including 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

apache subversion

apache subversion 1.6.12

apache subversion 1.6.11

apache subversion 1.6.4

apache subversion 1.6.3

apache subversion 1.6.14

apache subversion 1.6.13

apache subversion 1.6.6

apache subversion 1.6.5

apache subversion 1.6.17

apache subversion 1.6.16

apache subversion 1.6.15

apache subversion 1.6.10

apache subversion 1.6.19

apache subversion 1.6.2

apache subversion 1.6.18

apache subversion 1.6.8

apache subversion 1.6.0

apache subversion 1.6.7

apache subversion 1.6.1

apache subversion 1.6.9

apache subversion 1.7.2

apache subversion 1.7.3

apache subversion 1.7.0

apache subversion 1.7.1

apache subversion 1.7.7

apache subversion 1.7.4

apache subversion 1.7.5

apache subversion 1.7.6

opensuse opensuse 12.2

opensuse opensuse 12.1

opensuse opensuse 12.3

Vendor Advisories

Synopsis Moderate: subversion security update Type/Severity Security Advisory: Moderate Topic Updated subversion packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common ...
The mod_dav_svn Apache HTTPD server module in Subversion 16x before 1621 and 170 through 178 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL ...
Debian Bug report logs - #704940 subversion: cve-2013-1845 cve-2013-1846 cve-2013-1847 cve-2013-1849 cve-2013-1884 Package: src:subversion; Maintainer for src:subversion is James McCoy <jamessan@debianorg>; Reported by: Michael Gilbert <mgilbert@debianorg> Date: Mon, 8 Apr 2013 00:27:01 UTC Severity: serious Tags: ...
Several security issues were fixed in Subversion ...
A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled PROPFIND requests on activity URLs A remote attacker could use this flaw to cause the httpd process serving the request to crash (CVE-2013-1849 ) A flaw was found in the way the mod_dav_svn module handled large numbers of properties (such as those set with the "sv ...