Vulnerability Details : CVE-2013-4131
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
Vulnerability category: OverflowDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-4131
Probability of exploitation activity in the next 30 days: 0.34%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 67 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-4131
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
8.0
|
2.9
|
NIST |
CWE ids for CVE-2013-4131
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4131
-
http://lists.opensuse.org/opensuse-updates/2013-08/msg00000.html
openSUSE-SU-2013:1286-1: moderate: subversion: update to 1.7.11
-
http://www.securityfocus.com/bid/61454
Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
-
http://subversion.apache.org/security/CVE-2013-4131-advisory.txt
Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/85983
Apache Subversion mod_dav_svn module denial of service CVE-2013-4131 Vulnerability Report
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18621
Repository / Oval Repository
-
https://bugzilla.redhat.com/show_bug.cgi?id=986194
986194 – (CVE-2013-4131) CVE-2013-4131 subversion: DoS (assertion failure, crash) in mod_dav_svn when handling certain MOVE, COPY, or DELETE HTTP requests
Products affected by CVE-2013-4131
- cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*