Vulnerability Details : CVE-2011-0715
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
Vulnerability category: Memory Corruption, Denial of service
Products affected by CVE-2011-0715
- cpe:2.3:a:apache:subversion:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.20.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.16.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.20.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.21.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.25.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.37.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.19.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.19.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.24.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.24.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.29.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.28.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.35.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.35.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.14.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:m3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:m2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:m1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.36.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.18.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.22.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.23.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.28.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.28.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.34.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.33.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.16:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.14.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:m4\/m5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.24.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.31.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.30.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.33.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.14.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.14.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.17.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.17.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.18.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.22.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.22.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.27.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.26.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.32.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.15:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:0.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0715
- 2.51%: Probability of exploitation activity in the next 30 days
- ~ 90%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0715
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
References for CVE-2011-0715
- http://www.vupen.com/english/advisories/2011/0568
- http://svn.apache.org/repos/asf/subversion/tags/1.6.16/CHANGES
- https://bugzilla.redhat.com/show_bug.cgi?id=680755
  680755 – (CVE-2011-0715) CVE-2011-0715 subversion (mod_dav_svn): DoS (NULL ptr deref) by a lock token sent from a not authenticated Subversion client [Patch]
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2011:005
- http://www.vupen.com/english/advisories/2011/0684
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18967
  Repository / Oval Repository
- http://www.vupen.com/english/advisories/2011/0624
- http://www.vupen.com/english/advisories/2011/0776
- http://subversion.apache.org/security/CVE-2011-0715-advisory.txt
  [Vendor Advisory]
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:067
  mandriva.com
- http://www.vupen.com/english/advisories/2011/0885
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056071.html
  [SECURITY] Fedora 14 Update: subversion-1.6.16-1.fc14
- http://svn.apache.org/viewvc?view=revision&revision=1071239
  [Apache-SVN] Revision 1071239
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056072.html
  [SECURITY] Fedora 13 Update: subversion-1.6.16-1.fc13
- http://support.apple.com/kb/HT4723
  About the security content of Mac OS X v10.6.8 and Security Update 2011-004 - Apple Support
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65876
  Apache Subversion mod_dav_svn denial of service CVE-2011-0715 Vulnerability Report
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056736.html
  [SECURITY] Fedora 15 Update: subversion-1.6.16-1.fc15
- http://svn.apache.org/viewvc?view=revision&revision=1071307
  [Apache-SVN] Revision 1071307 [Patch]
- https://rhn.redhat.com/errata/RHSA-2011-0328.html
  RHSA-2011:0328 - Security Advisory - Red Hat Customer Portal
- http://www.debian.org/security/2011/dsa-2181
  Debian -- Security Information -- DSA-2181-1 subversion
- http://securitytracker.com/id?1025161
  Subversion mod_dav_svn Null Pointer Dereference Lets Remote Users Deny Service - SecurityTracker
- https://rhn.redhat.com/errata/RHSA-2011-0327.html
  RHSA-2011:0327 - Security Advisory - Red Hat Customer Portal
- http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.479953
  The Slackware Linux Project: Slackware Security Advisories
- http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
  Apple - Lists.apple.com
- http://www.vupen.com/english/advisories/2011/0567
  [Vendor Advisory]
- http://www.ubuntu.com/usn/USN-1096-1
  USN-1096-1: Subversion vulnerability | Ubuntu security notices
- http://www.securityfocus.com/bid/46734
  Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
- http://www.vupen.com/english/advisories/2011/0660
- http://svn.haxx.se/dev/archive-2011-03/0122.shtml
  Subversion Dev: Subversion 1.6.16 Released [Patch]