
CVE-2019-0203

Published: 26/09/2019 Updated: 27/09/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

A vulnerability in Apache Subversion could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to a NULL pointer dereference condition that could occur in the svnserve server process of the affected software when a client sends certain sequences of protocol commands and the server is configured with anonymous access enabled. An attacker could exploit this vulnerability by sending a request that submits malicious input to the targeted system. A successful exploit could cause the svnserve server process to exit, resulting in a DoS condition. Apache has confirmed the vulnerability and released software updates.

Vendor Advisories

Synopsis: Important: subversion:1.10 security update. Type/Severity: Security Advisory: Important. Topic: An update for the subversion:1.10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scorin ...
Subversion could be made to crash if it received specially crafted network traffic ...
Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-11782: Ace Olszowka reported that the Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer, leading to a ...
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server. (CVE-2018-11782) In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnser ...
Arch Linux Security Advisory ASA-201908-10. Severity: High; Date: 2019-08-16; CVE-ID: CVE-2018-11782 CVE-2019-0203; Package: subversion; Type: denial of service; Remote: Yes; Link: security.archlinux.org/AVG-1016. Summary: The package subversion before version 1.12.2-1 is vulnera ...
A null-pointer-dereference has been found in svnserve that results in a remote unauthenticated Denial-of-Service in some server configurations. The vulnerability can be triggered by an unauthenticated user if the server is configured with anonymous access enabled ...
Oracle Solaris Third Party Bulletin - October 2019. Description: The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities addressed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Cr ...

Mailing Lists

Debian Security Advisory DSA-4490-1 security () debian org www.debian.org/security/ Salvatore Bonaccorso August 01, 2019 www.debian.org/security/faq ...
The recent releases of Apache Subversion 1.12.2, 1.10.6, 1.9.12, contain fixes for two security issues, CVE-2018-11782 and CVE-2019-0203. These issues affect Subversion 'svnserve' servers. We encourage server operators to upgrade to the latest appropriate version as soon as reasonable. Please see the [release announcements] for more information a ...