5
CVSSv2

CVE-2014-8108

Published: 18/12/2014 Updated: 03/01/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x prior to 1.7.19 and 1.8.x prior to 1.8.11 allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

redhat enterprise linux workstation 7.0

redhat enterprise linux hpc node 7.0

redhat enterprise linux desktop 7.0

redhat enterprise linux server 7.0

apache subversion 1.0.0

apache subversion 1.0.8

apache subversion 1.0.9

apache subversion 1.2.1

apache subversion 1.2.2

apache subversion 1.4.2

apache subversion 1.4.3

apache subversion 1.5.4

apache subversion 1.5.5

apache subversion 1.6.11

apache subversion 1.6.12

apache subversion 1.2.0

apache subversion 1.6.10

apache subversion 1.6.19

apache subversion 1.7.3

apache subversion 1.6.20

apache subversion 1.7.19

apache subversion 1.6.2

apache subversion 1.7.11

apache subversion 1.6.18

apache subversion 1.6.5

apache subversion 1.5.3

apache subversion 1.4.0

apache subversion 1.7.12

apache subversion 1.1.4

apache subversion 1.5.2

apache subversion 1.0.6

apache subversion 1.7.2

apache subversion 1.6.1

apache subversion 1.6.17

apache subversion 1.0.7

apache subversion 1.6.6

apache subversion 1.4.1

apache subversion 1.0.4

apache subversion 1.8.2

apache subversion 1.4.5

apache subversion 1.0.2

apache subversion 1.1.2

apache subversion 1.8.0

apache subversion 1.7.16

apache subversion 1.7.4

apache subversion 1.6.21

apache subversion 1.1.1

apache subversion 1.7.6

apache subversion 1.2.3

apache subversion 1.8.1

apache subversion 1.4.4

apache subversion 1.5.7

apache subversion 1.4.6

apache subversion 1.3.1

apache subversion 1.6.8

apache subversion 1.8.5

apache subversion 1.6.13

apache subversion 1.7.7

apache subversion 1.0.3

apache subversion 1.6.7

apache subversion 1.0.1

apache subversion 1.3.2

apache subversion 1.0.5

apache subversion 1.7.13

apache subversion 1.8.4

apache subversion 1.6.23

apache subversion 1.8.3

apache subversion 1.8.10

apache subversion 1.3.0

apache subversion 1.7.14

apache subversion 1.1.3

apache subversion 1.7.5

apache subversion 1.6.14

apache subversion 1.1.0

apache subversion 1.5.1

apache subversion 1.7.15

apache subversion 1.5.6

apache subversion 1.5.0

apache subversion 1.6.9

apache subversion 1.8.8

apache subversion 1.7.0

apache subversion 1.7.17

apache subversion 1.7.1

apache subversion 1.6.16

apache subversion 1.7.9

apache subversion 1.6.3

apache subversion 1.7.10

apache subversion 1.6.0

apache subversion 1.5.8

apache subversion 1.8.6

apache subversion 1.7.18

apache subversion 1.6.4

apache subversion 1.7.8

apache subversion 1.8.7

apache subversion 1.6.15

apple xcode 6.1.1

Vendor Advisories

Synopsis Moderate: subversion security update Type/Severity Security Advisory: Moderate Topic Updated subversion packages that fix three security issues are nowavailable for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having Moderate securityimpact Common Vulnerability Scor ...
Debian Bug report logs - #773263 subversion: CVE-2014-3580 Package: subversion; Maintainer for subversion is James McCoy <jamessan@debianorg>; Source for subversion is src:subversion (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Tue, 16 Dec 2014 07:36:02 UTC Severity: grave Tags: patc ...
Debian Bug report logs - #773315 subversion: CVE-2014-8108 Package: subversion; Maintainer for subversion is James McCoy <jamessan@debianorg>; Source for subversion is src:subversion (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Tue, 16 Dec 2014 07:36:02 UTC Severity: grave Tags: patc ...
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available To learn more about Apple Product Security, see the Apple Product Security website For information about the Apple Product Security PGP Key, see How to use th ...
A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash ...
A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash (CVE-2014-8108 ) A NULL pointer dereference flaw ...
Several security issues were fixed in Subversion ...