Vulnerability in Apache Subversion

CVE-2015-0248

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynami…

EPSS: 0.158 (94.9th percentile) — read the EPSS interpretation.

Affected products

Apache Subversion — versions 1.6.0, 1.6.1, 1.6.2
Apple Xcode — versions 7.0
Oracle Solaris — versions 11.3
Opensuse — versions 13.1, 13.2
Redhat Enterprise_linux_desktop — versions 6.0
Redhat Enterprise_linux_hpc_node — versions 6
Redhat Enterprise_linux_server — versions 6.0
Redhat Enterprise_linux_server_eus — versions 6.7.z
Redhat Enterprise_linux_workstation — versions 6.0
N/a — versions n/a

Weakness classification (CWE)

CWE-399

References

RHSA-2015:1742 (x_refsource_REDHAT, vendor-advisory)
DSA-3231 (vendor-advisory, x_refsource_DEBIAN)
RHSA-2015:1633 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
74260 (vdb-entry, x_refsource_BID)
1033214 (vdb-entry, x_refsource_SECTRACK)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
MDVSA-2015:192 (vendor-advisory, x_refsource_MANDRIVA, Broken Link)
APPLE-SA-2015-09-16-2 (vendor-advisory, x_refsource_APPLE, Mailing List)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
USN-2721-1 (x_refsource_UBUNTU, vendor-advisory)