Published: 02/05/2013 Updated: 19/09/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 up to and including 1.6.20 and 1.7.0 up to and including 1.7.8 allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache subversion 1.6.15
apache subversion 1.6.3
apache subversion 1.6.4
apache subversion 1.6.11
apache subversion 1.6.19
apache subversion 1.6.20
apache subversion 1.6.0
apache subversion 1.6.7
apache subversion 1.6.8
apache subversion 1.6.17
apache subversion 1.6.2
apache subversion 1.6.1
apache subversion 1.6.10
apache subversion 1.6.9
apache subversion 1.6.13
apache subversion 1.6.14
apache subversion 1.6.16
apache subversion 1.6.6
apache subversion 1.6.5
apache subversion 1.6.12
apache subversion 1.6.18
apache subversion 1.7.5
apache subversion 1.7.1
apache subversion 1.7.2
apache subversion 1.7.0
apache subversion 1.7.7
apache subversion 1.7.8
apache subversion 1.7.6
apache subversion 1.7.3
apache subversion 1.7.4

Synopsis Moderate: subversion security update Type/Severity Security Advisory: Moderate Topic Updated subversion packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common ...

Debian Bug report logs - #704940 subversion: cve-2013-1845 cve-2013-1846 cve-2013-1847 cve-2013-1849 cve-2013-1884 Package: src:subversion; Maintainer for src:subversion is James McCoy <jamessan@debianorg>; Reported by: Michael Gilbert <mgilbert@debianorg> Date: Mon, 8 Apr 2013 00:27:01 UTC Severity: serious Tags: ...

Several security issues were fixed in Subversion ...

A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled PROPFIND requests on activity URLs A remote attacker could use this flaw to cause the httpd process serving the request to crash (CVE-2013-1849) A flaw was found in the way the mod_dav_svn module handled large numbers of properties (such as those set with the "svn ...

The mod_dav_svn Apache HTTPD server module in Subversion 160 through 1620 and 170 through 178 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist ...

source: wwwsecurityfocuscom/bid/58897/info Apache Subversion is prone to a remote denial-of-service vulnerability Attackers can exploit this issue to crash the application, resulting in denial-of-service conditions Apache Subversion versions 160 through 1620 and 170 through 178 are vulnerable curl -X LOCK --data-binary @loc ...

NVD-CWE-Other http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvSTMLbn4q_KM3Ph2UOeSiPGhEK4%3DSvwEjaHW_GUGkYWPQ%40mail.gmail.com%3E https://bugzilla.redhat.com/show_bug.cgi?id=929090 http://lists.opensuse.org/opensuse-updates/2013-04/msg00095.html http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvRoyVrZV12tgC0FMGrc6%2BMisd3qTcZ%2BDdpFGgTahkgAkQ%40mail.gmail.com%3E http://subversion.apache.org/security/CVE-2013-1847-advisory.txt http://rhn.redhat.com/errata/RHSA-2013-0737.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00069.html http://www.ubuntu.com/usn/USN-1893-1 http://www.mandriva.com/security/advisories?name=MDVSA-2013:153 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18538 https://access.redhat.com/errata/RHSA-2013:0737 https://usn.ubuntu.com/1893-1/https://nvd.nist.gov https://www.exploit-db.com/exploits/38421/https://access.redhat.com/security/cve/cve-2013-1847

CVE-2013-1847

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect