CVE-2014-0032

Published: 14/02/2014 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion prior to 1.7.15 and 1.8.x prior to 1.8.6, when SVNListParentPath is enabled, allows remote malicious users to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls svn.example.com" command.

Vulnerable Product

apache subversion 1.8.2

apache subversion 1.8.0

apache subversion 1.8.1

apache subversion 1.8.5

apache subversion 1.8.4

apache subversion 1.8.3

apache subversion 1.7.3

apache subversion 1.7.1

apache subversion 1.7.11

apache subversion 1.7.4

apache subversion 1.7.6

apache subversion 1.7.9

apache subversion 1.7.12

apache subversion 1.7.10

apache subversion 1.7.7

apache subversion

apache subversion 1.7.2

apache subversion 1.7.13

apache subversion 1.7.8

apache subversion 1.7.5

apache subversion 1.7.0

Vendor Advisories

Debian Bug report logs - #737815 subversion: CVE-2014-0032: mod_dav_svn crash when handling certain requests with SVNListParentPath on. Package: subversion; Maintainer for subversion is James McCoy <jamessan@debian.org>; Source for subversion is src:subversion (PTS, buildd, popcon). Reported by: Salvatore Bonaccorso <carnil ...
Several security issues were fixed in Subversion ...
A flaw was found in the way the mod_dav_svn module handled OPTIONS requests. A remote attacker with read access to an SVN repository served via HTTP could use this flaw to cause the httpd process that handled such a request to crash. The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1 ...
The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls svn.example.com" co ...