ID CVE-2010-4539
Summary The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:subversion:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.13.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.13.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.13.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.14.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.14.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.14.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.14.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.14.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.14.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.14.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.14.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.14.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.14.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.16.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.17.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.17.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.18.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.18.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.19.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.19.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.20.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.20.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.20.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.21.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.21.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.22.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.22.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.22.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.22.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.22.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.22.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.23.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.24.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.24.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.24.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.24.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.24.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.24.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.25.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.25.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.26.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.26.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.27.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.27.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.28.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.28.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.28.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.28.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.28.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.28.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.29.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.29.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.30.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.30.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.31.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.31.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.32.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.32.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.33.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.33.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.33.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.33.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.34.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.34.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.35.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.35.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.35.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.35.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.36.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.36.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:0.37.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:0.37.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:m1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:m1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:m2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:m2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:m3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:m3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:m4\/m5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:m4\/m5:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 17-08-2017 - 01:33)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:N/A:C
redhat via4
advisories
  • rhsa
    id RHSA-2011:0257
  • rhsa
    id RHSA-2011:0258
rpms
  • mod_dav_svn-0:1.6.11-7.el5_6.1
  • subversion-0:1.6.11-7.el5_6.1
  • subversion-devel-0:1.6.11-7.el5_6.1
  • subversion-javahl-0:1.6.11-7.el5_6.1
  • subversion-perl-0:1.6.11-7.el5_6.1
  • subversion-ruby-0:1.6.11-7.el5_6.1
  • mod_dav_svn-0:1.6.11-2.el6_0.2
  • subversion-0:1.6.11-2.el6_0.2
  • subversion-devel-0:1.6.11-2.el6_0.2
  • subversion-gnome-0:1.6.11-2.el6_0.2
  • subversion-javahl-0:1.6.11-2.el6_0.2
  • subversion-kde-0:1.6.11-2.el6_0.2
  • subversion-perl-0:1.6.11-2.el6_0.2
  • subversion-ruby-0:1.6.11-2.el6_0.2
  • subversion-svn2cl-0:1.6.11-2.el6_0.2
refmap via4
bid 45655
confirm
fedora FEDORA-2011-0099
mandriva MDVSA-2011:006
mlist
  • [oss-security] 20110102 CVE request for subversion
  • [oss-security] 20110103 Re: CVE request for subversion
  • [oss-security] 20110104 Re: CVE request for subversion
  • [oss-security] 20110105 Re: CVE request for subversion
  • [subversion-users] 20101104 apache coredump in mod_dav_svn
  • [www-announce] 20101124 Apache Subversion 1.6.15 Released
sectrack 1024934
secunia
  • 42780
  • 42969
  • 43115
  • 43139
  • 43346
suse SUSE-SR:2011:005
ubuntu USN-1053-1
vupen
  • ADV-2011-0015
  • ADV-2011-0103
  • ADV-2011-0162
  • ADV-2011-0264
xf subversion-walk-dos(64472)
Last major update 17-08-2017 - 01:33
Published 07-01-2011 - 19:00
Back to Top