Published: 05/02/2019 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache subversion
apache subversion 1.11.0
canonical ubuntu linux 18.10

Subversion could be made to crash if it received a specially crafted input ...

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem When the candidate has been publicized, the details for this candidate will be provided ...

A denial of service has been found in subversion versions prior to 1111, allowing a malicious SVN client to crash a remote server using mod_dav_svn by omitting the root path from a recursive directory listing request, causing mod_dav_svn to dereference an uninitialized pointer variable and crash the httpd worker process handling the request ...

CWE-824 https://usn.ubuntu.com/3869-1/http://www.securityfocus.com/bid/106770 https://security.gentoo.org/glsa/201904-08 https://lists.apache.org/thread.html/fa71074862373c142d264534385f8ea5d8d6b80d27f36f3c46f55003%40%3Cdev.subversion.apache.org%3E https://usn.ubuntu.com/3869-1/https://nvd.nist.gov

CVE-2018-11803

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect