Vulnerability Details : CVE-2013-4558
The get_parent_resource function in repos.c in the mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2013-4558
- cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*
- cpe:2.3:a:apache:mod_dav_svn:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-4558
EPSS score: 2.82% (probability of exploitation activity in the next 30 days)
Percentile: ~90% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-4558
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:N/A:P | 6.8 | 2.9 | NIST | |
CWE ids for CVE-2013-4558
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4558
- https://bugzilla.redhat.com/show_bug.cgi?id=1033431
  1033431 – (CVE-2013-4558) CVE-2013-4558 subversion: mod_dav_svn assertion when handling certain requests with autoversioning enabled
- https://github.com/apache/subversion/commit/2c77c43e4255555f3b79f761f0d141393a3856cc
  Merge r1542071 from trunk. · apache/subversion@2c77c43 · GitHub
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00048.html
  openSUSE-SU-2013:1860-1: moderate: subversion: update to 1.7.14
- http://subversion.apache.org/security/CVE-2013-4558-advisory.txt
  Patch; Vendor Advisory
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00029.html
  openSUSE-SU-2013:1836-1: moderate: subversion: update to 1.8.5
- https://github.com/apache/subversion/commit/647e3f8365a74831bb915f63793b63e31fae062d
  * subversion/mod_dav_svn/mod_dav_svn.c: · apache/subversion@647e3f8 · GitHub
- http://osvdb.org/100363