Vulnerability in Apache Subversion
CVE-2014-3580
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource…
EPSS: 0.137 (94.4th percentile) — read the EPSS interpretation.
Affected products
- Apache Subversion — versions 1.0.0, 1.0.1, 1.0.2
- Apple Xcode — versions 6.1.1
- Debian Debian_linux — versions 7.0
- Redhat Enterprise_linux_desktop — versions 6.0, 7.0
- Redhat Enterprise_linux_hpc_node — versions 6.0, 7.0
- Redhat Enterprise_linux_server — versions 6.0, 7.0
- Redhat Enterprise_linux_server_eus — versions 6.6.z
- Redhat Enterprise_linux_workstation — versions 6.0, 7.0
- N/a — versions n/a
References
- DSA-3107 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
- RHSA-2015:0166 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
- 71726 (vdb-entry, x_refsource_BID)
- secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- APPLE-SA-2015-03-09-4 (vendor-advisory, x_refsource_APPLE, Mailing List, Third Party Advisory)
- RHSA-2015:0165 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- 61131 (x_refsource_SECUNIA, third-party-advisory)
- USN-2721-1 (x_refsource_UBUNTU, vendor-advisory)