CVE-2015-5343

Published: 14/04/2016 Updated: 12/02/2019
CVSS v2 Base Score: 8 | Impact Score: 8.5 | Exploitability Score: 8
CVSS v3 Base Score: 7.6 | Impact Score: 4.7 | Exploitability Score: 2.8
VMScore: 712
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:C

Vulnerability Summary

Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x prior to 1.8.15, and 1.9.x prior to 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow.

Vulnerable Product

apache subversion

debian debian linux 8.0

Vendor Advisories

Ivan Zhakov discovered an integer overflow in mod_dav_svn, which allows an attacker with write access to the server to execute arbitrary code or cause a denial of service. The oldstable distribution (wheezy) is not affected. For the stable distribution (jessie), this problem has been fixed in version 1810-6+deb8u2. For the unstable distribution ( ...
It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). (CVE-2015-3187) An integer overflow was discovered allowing remote attackers to exe ...

Github Repositories

nvd-repo: A ruby gem for creating a static NVD filesystem repository. Currently it only supports parsing of the v121 XML feed format. Features: populate a file system tree with all existing NVD/CVE entries; provide entry files in JSON and XML format; track history of modifications; provide concise summaries of changes since last update; simple bash scripts to get entry and sear