The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 up to and including 1.7.13 and 1.8.1 up to and including 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote malicious users to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache subversion 1.8.2 |
||
apache subversion 1.7.11 |
||
apache subversion 1.8.1 |
||
apache subversion 1.7.12 |
||
apache mod dav svn - |
||
apache subversion 1.7.13 |
||
apache subversion 1.8.4 |
||
apache subversion 1.8.3 |