CVE-2013-4505 : The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through

The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.

Published 2013-12-07 20:55:03

Updated 2025-04-11 00:51:22

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2013-4505

Apache » Subversion » Version: 1.6.5
cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.6.4
cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.6.12
cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.6.11
cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.6.3
cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.6.2
cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.6.7
cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.6.6
cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.6.10
cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.6.9
cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.6.8
cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.6.1
cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.6.0
cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.5.6
cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.5.5
cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.5.4
cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.5.3
cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.5.7
cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.5.0
cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.5.2
cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.5.1
cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.4.4
cpe:2.3:a:apache:subversion:1.4.4:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.4.3
cpe:2.3:a:apache:subversion:1.4.3:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.4.6
cpe:2.3:a:apache:subversion:1.4.6:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.4.5
cpe:2.3:a:apache:subversion:1.4.5:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.4.0
cpe:2.3:a:apache:subversion:1.4.0:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.5.8
cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.4.2
cpe:2.3:a:apache:subversion:1.4.2:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.4.1
cpe:2.3:a:apache:subversion:1.4.1:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.6.13
cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.6.14
cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.6.15
cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.6.16
cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.6.19
cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.6.20
cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.6.18
cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.6.17
cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.7.2
cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.7.3
cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.7.6
cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.7.7
cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.7.0
cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.7.1
cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.7.8
cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.7.4
cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.7.5
cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.7.9
cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.8.1
cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.6.21
cpe:2.3:a:apache:subversion:1.6.21:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.7.10
cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.6.23
cpe:2.3:a:apache:subversion:1.6.23:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.7.12
cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*
Matching versions
Apache » Subversion » Version: 1.7.11
cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*
Matching versions
Apache » Mod Dontdothat » Version: N/A
cpe:2.3:a:apache:mod_dontdothat:-:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-4505

EPSS FAQ

1.54%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 80 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-4505

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
2.6	LOW	AV:N/AC:H/Au:N/C:N/I:N/A:P	4.9	2.9	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2013-4505

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-4505

http://osvdb.org/100364
http://lists.opensuse.org/opensuse-updates/2013-12/msg00048.html

openSUSE-SU-2013:1860-1: moderate: subversion: update to 1.7.14

CVEs referencing this url
http://subversion.apache.org/security/CVE-2013-4505-advisory.txt

Patch;Vendor Advisory
http://secunia.com/advisories/55855

Sign in
Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00029.html

openSUSE-SU-2013:1836-1: moderate: subversion: update to 1.8.5

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2013-4505

Products affected by CVE-2013-4505

Exploit prediction scoring system (EPSS) score for CVE-2013-4505

CVSS scores for CVE-2013-4505

CWE ids for CVE-2013-4505

References for CVE-2013-4505