Vulnerability in Apache Subversion

CVE-2013-1847

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not e…

EPSS: 0.514 (98.8th percentile) — read the EPSS interpretation.

Affected products

Apache Subversion — versions 1.6.0, 1.6.1, 1.6.2
N/a — versions n/a

References

openSUSE-SU-2013:0687 (vendor-advisory, x_refsource_SUSE)
RHSA-2013:0737 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
[subversion-announce] 20130404 Subversion 1.6.21 released (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
[subversion-announce] 20130404 Apache Subversion 1.7.9 released (mailing-list, x_refsource_MLIST)
USN-1893-1 (x_refsource_UBUNTU, vendor-advisory)
oval:org.mitre.oval:def:18538 (x_refsource_OVAL, signature, vdb-entry)
openSUSE-SU-2013:0932 (vendor-advisory, x_refsource_SUSE)
MDVSA-2013:153 (vendor-advisory, x_refsource_MANDRIVA)