CVE-2014-0032CVE-2014-0032

Affected configuration(s):

cpe:/a:apache:subversion:1.7.0
cpe:/a:apache:subversion:1.7.1
cpe:/a:apache:subversion:1.7.2
cpe:/a:apache:subversion:1.7.3
cpe:/a:apache:subversion:1.7.4
cpe:/a:apache:subversion:1.7.5
cpe:/a:apache:subversion:1.7.6
cpe:/a:apache:subversion:1.7.7
cpe:/a:apache:subversion:1.7.8
cpe:/a:apache:subversion:1.7.9
cpe:/a:apache:subversion:1.7.10
cpe:/a:apache:subversion:1.7.11
cpe:/a:apache:subversion:1.7.12
cpe:/a:apache:subversion:1.7.13
cpe:/a:apache:subversion:1.7.14
cpe:/a:apache:subversion:1.8.0
cpe:/a:apache:subversion:1.8.1
cpe:/a:apache:subversion:1.8.2
cpe:/a:apache:subversion:1.8.3
cpe:/a:apache:subversion:1.8.4
cpe:/a:apache:subversion:1.8.5

Date published: 2014-02-14T10:55:05.907-05:00

Date last modified: 2017-08-28T21:34:07.687-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://lists.opensuse.org/opensuse-updates/2014-02/msg00086.html

Summary: The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the “svn ls http://svn.example.com” command.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.