Apache » Subversion : Security Vulnerabilities, CVEs, Published In 2013
The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /.
Max CVSS: 3.5 | EPSS Score: 2.19% | Published: 2013-12-07 | Updated: 2024-03-28
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.
Max CVSS: 2.6 | EPSS Score: 0.28% | Published: 2013-12-07 | Updated: 2013-12-20
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.
Max CVSS: 3.3 | EPSS Score: 0.04% | Published: 2013-09-16 | Updated: 2017-09-19
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
Max CVSS: 4.0 | EPSS Score: 0.34% | Published: 2013-07-31 | Updated: 2017-09-19
The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.
Max CVSS: 7.8 | EPSS Score: 0.61% | Published: 2013-07-31 | Updated: 2018-10-30
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
Max CVSS: 7.1 | EPSS Score: 1.54% | Published: 2013-07-31 | Updated: 2018-10-30
Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.
Max CVSS: 5.5 | EPSS Score: 0.26% | Published: 2013-07-31 | Updated: 2018-10-30
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
Max CVSS: 5.0 | EPSS Score: 6.39% | Published: 2013-05-02 | Updated: 2017-09-19
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
Max CVSS: 4.3 | EPSS Score: 1.26% | Published: 2013-05-02 | Updated: 2017-09-19
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
Max CVSS: 5.0 | EPSS Score: 10.98% | Published: 2013-05-02 | Updated: 2017-09-19
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
Max CVSS: 4.0 | EPSS Score: 0.39% | Published: 2013-05-02 | Updated: 2018-10-30
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
Max CVSS: 2.1 | EPSS Score: 0.31% | Published: 2013-05-02 | Updated: 2018-10-30
12 vulnerabilities found