Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-0032

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-0032
Last Modified 23 Sep 2014 01:41:31
Published 14 Feb 2014 10:55:05
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-0032

Summary

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command.

Vulnerable Systems

Application

  • Apache Subversion 1.7.0

  • Apache Subversion 1.7.1

  • Apache Subversion 1.7.10

  • Apache Subversion 1.7.11

  • Apache Subversion 1.7.12

  • Apache Subversion 1.7.13

  • Apache Subversion 1.7.14

  • Apache Subversion 1.7.2

  • Apache Subversion 1.7.3

  • Apache Subversion 1.7.4

  • Apache Subversion 1.7.5

  • Apache Subversion 1.7.6

  • Apache Subversion 1.7.7

  • Apache Subversion 1.7.8

  • Apache Subversion 1.7.9

  • Apache Subversion 1.8.0

  • Apache Subversion 1.8.1

  • Apache Subversion 1.8.2

  • Apache Subversion 1.8.3

  • Apache Subversion 1.8.4

  • Apache Subversion 1.8.5


References

XF - apache-subversion-cve20140032-dos(90986)

BID - 65434

OSVDB - 102927

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1557320

CONFIRM - http://svn.apache.org/repos/asf/subversion/tags/1.8.6/CHANGES

CONFIRM - http://svn.apache.org/repos/asf/subversion/tags/1.7.15/CHANGES

SECUNIA - 56822

MLIST - [subversion-dev] 20140110 Sin mod_dav_svn with repositories on /

MLIST - [subversion-dev] 20140110 Re: Segfault in mod_dav_svn with repositories on /

MLIST - [subversion-dev] 20140110 2 Re: Segfault in mod_dav_svn with repositories on /

SUSE - openSUSE-SU-2014:0307

REDHAT - RHSA-2014:0255

SUSE - openSUSE-SU-2014:0334

UBUNTU - USN-2316-1

SECUNIA - 60722

CONFIRM - http://support.apple.com/kb/HT6444


Last Updated: 27 May 2016 11:04:28