CVE-2014-3580

Published: 18/12/2014 Updated: 24/12/2016
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x prior to 1.7.19 and 1.8.x prior to 1.8.11 allows remote malicious users to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

Vulnerable Product

redhat enterprise linux server eus 6.6.z

redhat enterprise linux workstation 7.0

redhat enterprise linux hpc node 7.0

redhat enterprise linux server 7.0

redhat enterprise linux hpc node 6.0

redhat enterprise linux desktop 7.0

redhat enterprise linux server 6.0

redhat enterprise linux desktop 6.0

redhat enterprise linux workstation 6.0

apache subversion 1.0.6

apache subversion 1.0.7

apache subversion 1.1.4

apache subversion 1.2.0

apache subversion 1.2.1

apache subversion 1.4.1

apache subversion 1.4.2

apache subversion 1.5.2

apache subversion 1.5.3

apache subversion 1.6.10

apache subversion 1.6.11

apache subversion 1.6.18

apache subversion 1.6.19

apache subversion 1.6.5

apache subversion 1.6.6

apache subversion 1.7.12

apache subversion 1.0.4

apache subversion 1.0.5

apache subversion 1.1.2

apache subversion 1.1.3

apache subversion 1.3.2

apache subversion 1.4.0

apache subversion 1.5.0

apache subversion 1.5.1

apache subversion 1.5.8

apache subversion 1.6.0

apache subversion 1.6.1

apache subversion 1.6.16

apache subversion 1.6.17

apache subversion 1.6.3

apache subversion 1.6.4

apache subversion 1.7.10

apache subversion 1.7.11

apache subversion 1.7.18

apache subversion 1.7.19

apache subversion 1.7.8

apache subversion 1.7.9

apache subversion 1.8.7

apache subversion 1.8.8

apache subversion 1.0.2

apache subversion 1.0.3

apache subversion 1.1.0

apache subversion 1.1.1

apache subversion 1.3.0

apache subversion 1.3.1

apache subversion 1.4.5

apache subversion 1.4.6

apache subversion 1.5.6

apache subversion 1.5.7

apache subversion 1.6.14

apache subversion 1.6.15

apache subversion 1.6.21

apache subversion 1.6.23

apache subversion 1.6.9

apache subversion 1.7.0

apache subversion 1.7.1

apache subversion 1.7.16

apache subversion 1.7.17

apache subversion 1.7.6

apache subversion 1.7.7

apache subversion 1.8.5

apache subversion 1.8.6

apache subversion 1.7.13

apache subversion 1.7.2

apache subversion 1.7.3

apache subversion 1.8.0

apache subversion 1.8.1

apache subversion 1.8.9

apache subversion 1.8.10

apache subversion 1.0.0

apache subversion 1.0.1

apache subversion 1.0.8

apache subversion 1.0.9

apache subversion 1.2.2

apache subversion 1.2.3

apache subversion 1.4.3

apache subversion 1.4.4

apache subversion 1.5.4

apache subversion 1.5.5

apache subversion 1.6.12

apache subversion 1.6.13

apache subversion 1.6.2

apache subversion 1.6.20

apache subversion 1.6.7

apache subversion 1.6.8

apache subversion 1.7.14

apache subversion 1.7.15

apache subversion 1.7.4

apache subversion 1.7.5

apache subversion 1.8.2

apache subversion 1.8.3

apache subversion 1.8.4

debian debian linux 7.0

apple xcode 6.1.1

Vendor Advisories

Several security issues were fixed in Subversion ...
Synopsis: Moderate: subversion security update. Type/Severity: Security Advisory: Moderate. Topic: Updated subversion packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scorin ...
Synopsis: Moderate: subversion security update. Type/Severity: Security Advisory: Moderate. Topic: Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scor ...
Debian Bug report logs - #773315 subversion: CVE-2014-8108. Package: subversion; Maintainer for subversion is James McCoy <jamessan@debian.org>; Source for subversion is src:subversion (PTS, buildd, popcon). Reported by: Moritz Muehlenhoff <jmm@inutil.org>. Date: Tue, 16 Dec 2014 07:36:02 UTC. Severity: grave. Tags: patc ...
Debian Bug report logs - #773263 subversion: CVE-2014-3580. Package: subversion; Maintainer for subversion is James McCoy <jamessan@debian.org>; Source for subversion is src:subversion (PTS, buildd, popcon). Reported by: Moritz Muehlenhoff <jmm@inutil.org>. Date: Tue, 16 Dec 2014 07:36:02 UTC. Severity: grave. Tags: patc ...
Evgeny Kotkov discovered a NULL pointer dereference while processing REPORT requests in mod_dav_svn, the Subversion component which is used to serve repositories with the Apache web server. A remote attacker could abuse this vulnerability for a denial of service. For the stable distribution (wheezy), this problem has been fixed in version 1617dfs ...
A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash (CVE-2014-8108). A NULL pointer dereference flaw w ...
A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn ...