What is CVE-2015-0202?

CVE-2015-0202 is a vulnerability in Apache Subversion, classified under CWE-399. Published 2015-04-08.

Is CVE-2015-0202 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Subversion

CVE-2015-0202

The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes.

EPSS: 0.021 (84.3th percentile) — read the EPSS interpretation.

Affected products

Apache Subversion — versions 1.8.0, 1.8.1, 1.8.2
Opensuse — versions 13.1, 13.2
N/a — versions n/a

Weakness classification (CWE)

CWE-399

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

76446 (vdb-entry, x_refsource_BID)
MDVSA-2015:192 (vendor-advisory, x_refsource_MANDRIVA)
1032100 (vdb-entry, x_refsource_SECTRACK)
USN-2721-1 (x_refsource_UBUNTU, vendor-advisory)
openSUSE-SU-2015:0672 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
GLSA-201610-05 (vendor-advisory, x_refsource_GENTOO)

Frequently asked questions

What is CVE-2015-0202?: CVE-2015-0202 is a vulnerability in Apache Subversion, classified under CWE-399. Published 2015-04-08.
Is CVE-2015-0202 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.