ID CVE-2014-3580
Summary The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6.z
    cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6.z
  • Red Hat Enterprise Linux Server 6.0
    cpe:2.3:o:redhat:enterprise_linux_server:6.0
  • Red Hat Enterprise Linux Desktop 6.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  • Red Hat Enterprise Linux Workstation 6.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
  • RedHat Enterprise Linux HPC Node 6.0
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • RedHat Enterprise Linux HPC Node 7.0
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • Apache Software Foundation Subversion 1.0.0
    cpe:2.3:a:apache:subversion:1.0.0
  • Apache Software Foundation Subversion 1.0.1
    cpe:2.3:a:apache:subversion:1.0.1
  • Apache Software Foundation Subversion 1.0.2
    cpe:2.3:a:apache:subversion:1.0.2
  • Apache Software Foundation Subversion 1.0.3
    cpe:2.3:a:apache:subversion:1.0.3
  • Apache Software Foundation Subversion 1.0.4
    cpe:2.3:a:apache:subversion:1.0.4
  • Apache Software Foundation Subversion 1.0.5
    cpe:2.3:a:apache:subversion:1.0.5
  • Apache Software Foundation Subversion 1.0.6
    cpe:2.3:a:apache:subversion:1.0.6
  • Apache Software Foundation Subversion 1.0.7
    cpe:2.3:a:apache:subversion:1.0.7
  • Apache Software Foundation Subversion 1.0.8
    cpe:2.3:a:apache:subversion:1.0.8
  • Apache Software Foundation Subversion 1.0.9
    cpe:2.3:a:apache:subversion:1.0.9
  • Apache Software Foundation Subversion 1.1.0
    cpe:2.3:a:apache:subversion:1.1.0
  • Apache Software Foundation Subversion 1.1.1
    cpe:2.3:a:apache:subversion:1.1.1
  • Apache Software Foundation Subversion 1.1.2
    cpe:2.3:a:apache:subversion:1.1.2
  • Apache Software Foundation Subversion 1.1.3
    cpe:2.3:a:apache:subversion:1.1.3
  • Apache Software Foundation Subversion 1.1.4
    cpe:2.3:a:apache:subversion:1.1.4
  • Apache Software Foundation Subversion 1.2.0
    cpe:2.3:a:apache:subversion:1.2.0
  • Apache Software Foundation Subversion 1.2.1
    cpe:2.3:a:apache:subversion:1.2.1
  • Apache Software Foundation Subversion 1.2.2
    cpe:2.3:a:apache:subversion:1.2.2
  • Apache Software Foundation Subversion 1.2.3
    cpe:2.3:a:apache:subversion:1.2.3
  • Apache Software Foundation Subversion 1.3.0
    cpe:2.3:a:apache:subversion:1.3.0
  • Apache Software Foundation Subversion 1.3.1
    cpe:2.3:a:apache:subversion:1.3.1
  • Apache Software Foundation Subversion 1.3.2
    cpe:2.3:a:apache:subversion:1.3.2
  • Apache Software Foundation Subversion 1.4.0
    cpe:2.3:a:apache:subversion:1.4.0
  • Apache Software Foundation Subversion 1.4.1
    cpe:2.3:a:apache:subversion:1.4.1
  • Apache Software Foundation Subversion 1.4.2
    cpe:2.3:a:apache:subversion:1.4.2
  • Apache Software Foundation Subversion 1.4.3
    cpe:2.3:a:apache:subversion:1.4.3
  • Apache Software Foundation Subversion 1.4.4
    cpe:2.3:a:apache:subversion:1.4.4
  • Apache Software Foundation Subversion 1.4.5
    cpe:2.3:a:apache:subversion:1.4.5
  • Apache Software Foundation Subversion 1.4.6
    cpe:2.3:a:apache:subversion:1.4.6
  • Apache Software Foundation Subversion 1.5.0
    cpe:2.3:a:apache:subversion:1.5.0
  • Apache Software Foundation Subversion 1.5.1
    cpe:2.3:a:apache:subversion:1.5.1
  • Apache Software Foundation Subversion 1.5.2
    cpe:2.3:a:apache:subversion:1.5.2
  • Apache Software Foundation Subversion 1.5.3
    cpe:2.3:a:apache:subversion:1.5.3
  • Apache Software Foundation Subversion 1.5.4
    cpe:2.3:a:apache:subversion:1.5.4
  • Apache Software Foundation Subversion 1.5.5
    cpe:2.3:a:apache:subversion:1.5.5
  • Apache Software Foundation Subversion 1.5.6
    cpe:2.3:a:apache:subversion:1.5.6
  • Apache Software Foundation Subversion 1.5.7
    cpe:2.3:a:apache:subversion:1.5.7
  • Apache Software Foundation Subversion 1.5.8
    cpe:2.3:a:apache:subversion:1.5.8
  • Apache Software Foundation Subversion 1.6.0
    cpe:2.3:a:apache:subversion:1.6.0
  • Apache Software Foundation Subversion 1.6.1
    cpe:2.3:a:apache:subversion:1.6.1
  • Apache Software Foundation Subversion 1.6.10
    cpe:2.3:a:apache:subversion:1.6.10
  • Apache Software Foundation Subversion 1.6.11
    cpe:2.3:a:apache:subversion:1.6.11
  • Apache Software Foundation Subversion 1.6.12
    cpe:2.3:a:apache:subversion:1.6.12
  • Apache Software Foundation Subversion 1.6.13
    cpe:2.3:a:apache:subversion:1.6.13
  • Apache Software Foundation Subversion 1.6.14
    cpe:2.3:a:apache:subversion:1.6.14
  • Apache Software Foundation Subversion 1.6.15
    cpe:2.3:a:apache:subversion:1.6.15
  • Apache Software Foundation Subversion 1.6.16
    cpe:2.3:a:apache:subversion:1.6.16
  • Apache Software Foundation Subversion 1.6.17
    cpe:2.3:a:apache:subversion:1.6.17
  • Apache Software Foundation Subversion 1.6.18
    cpe:2.3:a:apache:subversion:1.6.18
  • Apache Software Foundation Subversion 1.6.19
    cpe:2.3:a:apache:subversion:1.6.19
  • Apache Software Foundation Subversion 1.6.2
    cpe:2.3:a:apache:subversion:1.6.2
  • Apache Software Foundation Subversion 1.6.20
    cpe:2.3:a:apache:subversion:1.6.20
  • Apache Software Foundation Subversion 1.6.21
    cpe:2.3:a:apache:subversion:1.6.21
  • Apache Software Foundation Subversion 1.6.23
    cpe:2.3:a:apache:subversion:1.6.23
  • Apache Software Foundation Subversion 1.6.3
    cpe:2.3:a:apache:subversion:1.6.3
  • Apache Software Foundation Subversion 1.6.4
    cpe:2.3:a:apache:subversion:1.6.4
  • Apache Software Foundation Subversion 1.6.5
    cpe:2.3:a:apache:subversion:1.6.5
  • Apache Software Foundation Subversion 1.6.6
    cpe:2.3:a:apache:subversion:1.6.6
  • Apache Software Foundation Subversion 1.6.7
    cpe:2.3:a:apache:subversion:1.6.7
  • Apache Software Foundation Subversion 1.6.8
    cpe:2.3:a:apache:subversion:1.6.8
  • Apache Software Foundation Subversion 1.6.9
    cpe:2.3:a:apache:subversion:1.6.9
  • Apache Software Foundation Subversion 1.7.0
    cpe:2.3:a:apache:subversion:1.7.0
  • Apache Software Foundation Subversion 1.7.1
    cpe:2.3:a:apache:subversion:1.7.1
  • Apache Software Foundation Subversion 1.7.10
    cpe:2.3:a:apache:subversion:1.7.10
  • Apache Software Foundation Subversion 1.7.11
    cpe:2.3:a:apache:subversion:1.7.11
  • Apache Software Foundation Subversion 1.7.12
    cpe:2.3:a:apache:subversion:1.7.12
  • Apache Software Foundation Subversion 1.7.13
    cpe:2.3:a:apache:subversion:1.7.13
  • Apache Software Foundation Subversion 1.7.14
    cpe:2.3:a:apache:subversion:1.7.14
  • Apache Software Foundation Subversion 1.7.15
    cpe:2.3:a:apache:subversion:1.7.15
  • Apache Software Foundation Subversion 1.7.16
    cpe:2.3:a:apache:subversion:1.7.16
  • Apache Software Foundation Subversion 1.7.17
    cpe:2.3:a:apache:subversion:1.7.17
  • Apache Software Foundation Subversion 1.7.18
    cpe:2.3:a:apache:subversion:1.7.18
  • Apache Software Foundation Subversion 1.7.19
    cpe:2.3:a:apache:subversion:1.7.19
  • Apache Software Foundation Subversion 1.7.2
    cpe:2.3:a:apache:subversion:1.7.2
  • Apache Software Foundation Subversion 1.7.3
    cpe:2.3:a:apache:subversion:1.7.3
  • Apache Software Foundation Subversion 1.7.4
    cpe:2.3:a:apache:subversion:1.7.4
  • Apache Software Foundation Subversion 1.7.5
    cpe:2.3:a:apache:subversion:1.7.5
  • Apache Software Foundation Subversion 1.7.6
    cpe:2.3:a:apache:subversion:1.7.6
  • Apache Software Foundation Subversion 1.7.7
    cpe:2.3:a:apache:subversion:1.7.7
  • Apache Software Foundation Subversion 1.7.8
    cpe:2.3:a:apache:subversion:1.7.8
  • Apache Software Foundation Subversion 1.7.9
    cpe:2.3:a:apache:subversion:1.7.9
  • Apache Software Foundation Subversion 1.8.0
    cpe:2.3:a:apache:subversion:1.8.0
  • Apache Software Foundation Subversion 1.8.1
    cpe:2.3:a:apache:subversion:1.8.1
  • Apache Software Foundation Subversion 1.8.2
    cpe:2.3:a:apache:subversion:1.8.2
  • Apache Software Foundation Subversion 1.8.3
    cpe:2.3:a:apache:subversion:1.8.3
  • Apache Software Foundation Subversion 1.8.4
    cpe:2.3:a:apache:subversion:1.8.4
  • Apache Software Foundation Subversion 1.8.5
    cpe:2.3:a:apache:subversion:1.8.5
  • Apache Software Foundation Subversion 1.8.6
    cpe:2.3:a:apache:subversion:1.8.6
  • Apache Software Foundation Subversion 1.8.7
    cpe:2.3:a:apache:subversion:1.8.7
  • Apache Software Foundation Subversion 1.8.8
    cpe:2.3:a:apache:subversion:1.8.8
  • Apache Software Foundation Subversion 1.8.9
    cpe:2.3:a:apache:subversion:1.8.9
  • Apache Software Foundation Subversion 1.8.10
    cpe:2.3:a:apache:subversion:1.8.10
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Apple Xcode 6.1.1
    cpe:2.3:a:apple:xcode:6.1.1
CVSS
Base: 5.0 (as of 02-09-2016 - 16:08)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Web Servers
    NASL id APACHE_MOD_DAV_SVN_REMOTE_DOS.NASL
    description The remote host is running a version of Apache SVN 1.7.x prior to 1.7.19 or 1.8.x prior to 1.8.11. It is, therefore, affected by multiple denial of service vulnerabilities : - A NULL pointer dereference flaw exists in 'mod_dav_svn' that is triggered when handling REPORT requests. A remote attacker, using a specially crafted request, can cause the listener process to crash. (CVE-2014-3580) - A NULL pointer dereference flaw exists in 'mod_dav_svn' that is triggered when handling requests for non-existent virtual transaction names. A remote attacker, using a specially crafted request, can cause the listener process to crash. (CVE-2014-8108)
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 80864
    published 2015-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80864
    title Apache Subversion 1.7.x < 1.7.19 / 1.8.x < 1.8.11 Multiple Remote DoS
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150210_SUBVERSION_ON_SL6_X.NASL
    description A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. (CVE-2014-3528) After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 81309
    published 2015-02-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81309
    title Scientific Linux Security Update : subversion on SL6.x i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150210_SUBVERSION_ON_SL7_X.NASL
    description A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-8108) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. (CVE-2014-3528) After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 81310
    published 2015-02-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81310
    title Scientific Linux Security Update : subversion on SL7.x x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0166.NASL
    description Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-8108) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. (CVE-2014-3528) Red Hat would like to thank the Subversion project for reporting CVE-2014-3580 and CVE-2014-8108. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 81293
    published 2015-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81293
    title RHEL 7 : subversion (RHSA-2015:0166)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-17222.NASL
    description This update includes the latest stable release of **Apache Subversion**, version **1.8.11**. Two security issues in mod_dav_svn are addressed in this release (CVE-2014-8108, CVE-2014-3580). For more details, see : http://subversion.apache.org/security/CVE-2014-8108-advisory.txt http://subversion.apache.org/security/CVE-2014-3580-advisory.txt **Client-side bugfixes:** - checkout/update: fix file externals failing to follow history and subsequently silently failing http://subversion.tigris.org/issues/show_bug.cgi?id=4185 - patch: don't skip targets in valid --git difs - diff: make property output in diffs stable - diff: fix diff of local copied directory with props - diff: fix changelist filter for repos-WC and WC-WC - remove broken conflict resolver menu options that always error out - improve gpg-agent support - fix crash in eclipse IDE with GNOME Keyring http://subversion.tigris.org/issues/show_bug.cgi?id=34 98 - fix externals shadowing a versioned directory http://subversion.tigris.org/issues/show_bug.cgi?id=40 85 - fix problems working on unix file systems that don't support permissions - upgrade: keep external registrations http://subversion.tigris.org/issues/show_bug.cgi?id=45 19 - cleanup: iprove performance of recorded timestamp fixups - translation updates for German **Server-side bugfixes:** - disable revprop caching feature due to cache invalidation problems - skip generating uniquifiers if rep-sharing is not supported - mod_dav_svn: reject requests with missing repository paths - mod_dav_svn: reject requests with invalid virtual transaction names - mod_dav_svn: avoid unneeded memory growth in resource walking http://subversion.tigris.org/issues/show_bug.cgi?id=45 31 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 80375
    published 2015-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80375
    title Fedora 20 : subversion-1.8.11-1.fc20 (2014-17222)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-821.NASL
    description This Apache Subversion update fixes the following security and non security issues. - Apache Subversion 1.8.11 - This release addresses two security issues: [boo#909935] - CVE-2014-3580: mod_dav_svn DoS from invalid REPORT requests. - CVE-2014-8108: mod_dav_svn DoS from use of invalid transaction names. - Client-side bugfixes : - checkout/update: fix file externals failing to follow history and subsequently silently failing - patch: don't skip targets in valid --git difs - diff: make property output in diffs stable - diff: fix diff of local copied directory with props - diff: fix changelist filter for repos-WC and WC-WC - remove broken conflict resolver menu options that always error out - improve gpg-agent support - fix crash in eclipse IDE with GNOME Keyring - fix externals shadowing a versioned directory - fix problems working on unix file systems that don't support permissions - upgrade: keep external registrations - cleanup: iprove performance of recorded timestamp fixups - translation updates for German - Server-side bugfixes : - disable revprop caching feature due to cache invalidation problems - skip generating uniquifiers if rep-sharing is not supported - mod_dav_svn: reject requests with missing repository paths - mod_dav_svn: reject requests with invalid virtual transaction names - mod_dav_svn: avoid unneeded memory growth in resource walking
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 80299
    published 2014-12-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80299
    title openSUSE Security Update : subversion (openSUSE-SU-2014:1725-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_XCODE_6_2.NASL
    description The Apple Xcode installed on the remote Mac OS X host is prior to version 6.2. It is, therefore, affected by the following vulnerabilities : - Numerous errors exist related to the bundled version of Apache Subversion. (CVE-2014-3522, CVE-2014-3528, CVE-2014-3580, CVE-2014-8108) - An error exists related to the bundled version of Git that allows arbitrary files to be added to the .git folder. (CVE-2014-9390)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 81758
    published 2015-03-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81758
    title Apple Xcode < 6.2 (Mac OS X)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2015-555.NASL
    description A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-8108) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 84372
    published 2015-06-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84372
    title Amazon Linux AMI : mod_dav_svn / subversion (ALAS-2015-555)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-0166.NASL
    description Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-8108) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. (CVE-2014-3528) Red Hat would like to thank the Subversion project for reporting CVE-2014-3580 and CVE-2014-8108. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 81278
    published 2015-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81278
    title CentOS 7 : subversion (CESA-2015:0166)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-17118.NASL
    description This update includes the latest stable release of **Apache Subversion**, version **1.8.11**. Two security issues in mod_dav_svn are addressed in this release (CVE-2014-8108, CVE-2014-3580). For more details, see : http://subversion.apache.org/security/CVE-2014-8108-advisory.txt http://subversion.apache.org/security/CVE-2014-3580-advisory.txt **Client-side bugfixes:** - checkout/update: fix file externals failing to follow history and subsequently silently failing http://subversion.tigris.org/issues/show_bug.cgi?id=4185 - patch: don't skip targets in valid --git difs - diff: make property output in diffs stable - diff: fix diff of local copied directory with props - diff: fix changelist filter for repos-WC and WC-WC - remove broken conflict resolver menu options that always error out - improve gpg-agent support - fix crash in eclipse IDE with GNOME Keyring http://subversion.tigris.org/issues/show_bug.cgi?id=34 98 - fix externals shadowing a versioned directory http://subversion.tigris.org/issues/show_bug.cgi?id=40 85 - fix problems working on unix file systems that don't support permissions - upgrade: keep external registrations http://subversion.tigris.org/issues/show_bug.cgi?id=45 19 - cleanup: iprove performance of recorded timestamp fixups - translation updates for German **Server-side bugfixes:** - disable revprop caching feature due to cache invalidation problems - skip generating uniquifiers if rep-sharing is not supported - mod_dav_svn: reject requests with missing repository paths - mod_dav_svn: reject requests with invalid virtual transaction names - mod_dav_svn: avoid unneeded memory growth in resource walking http://subversion.tigris.org/issues/show_bug.cgi?id=45 31 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 80373
    published 2015-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80373
    title Fedora 21 : subversion-1.8.11-1.fc21 (2014-17118)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-005.NASL
    description Updated subversion packages fix security vulnerabilities : A NULL pointer dereference flaw was found in the way mod_dav_svn handled REPORT requests. A remote, unauthenticated attacker could use a crafted REPORT request to crash mod_dav_svn (CVE-2014-3580). A NULL pointer dereference flaw was found in the way mod_dav_svn handled URIs for virtual transaction names. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash (CVE-2014-8108).
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 80386
    published 2015-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80386
    title Mandriva Linux Security Advisory : subversion (MDVSA-2015:005)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0166.NASL
    description From Red Hat Security Advisory 2015:0166 : Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-8108) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. (CVE-2014-3528) Red Hat would like to thank the Subversion project for reporting CVE-2014-3580 and CVE-2014-8108. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 81289
    published 2015-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81289
    title Oracle Linux 7 : subversion (ELSA-2015-0166)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-0165.NASL
    description Updated subversion packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. (CVE-2014-3528) Red Hat would like to thank the Subversion project for reporting CVE-2014-3580. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 81277
    published 2015-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81277
    title CentOS 6 : subversion (CESA-2015:0165)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-119.NASL
    description Evgeny Kotkov discovered a NULL pointer dereference while processing REPORT requests in mod_dav_svn, the Subversion component which is used to serve repositories with the Apache web server. A remote attacker could abuse this vulnerability for a denial of service. We recommend that you upgrade your subversion packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 82102
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82102
    title Debian DLA-119-1 : subversion security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3107.NASL
    description Evgeny Kotkov discovered a NULL pointer dereference while processing REPORT requests in mod_dav_svn, the Subversion component which is used to serve repositories with the Apache web server. A remote attacker could abuse this vulnerability for a denial of service.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 80207
    published 2014-12-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80207
    title Debian DSA-3107-1 : subversion - security update
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0165.NASL
    description Updated subversion packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. (CVE-2014-3528) Red Hat would like to thank the Subversion project for reporting CVE-2014-3580. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 81292
    published 2015-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81292
    title RHEL 6 : subversion (RHSA-2015:0165)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2721-1.NASL
    description It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3580) It was discovered that the Subversion mod_dav_svn module incorrectly handled requests requiring a lookup for a virtual transaction name that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8108) Evgeny Kotkov discovered that the Subversion mod_dav_svn module incorrectly handled large numbers of REPORT requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202) Evgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve modules incorrectly certain crafted parameter combinations. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2015-0248) Ivan Zhakov discovered that the Subversion mod_dav_svn module incorrectly handled crafted v1 HTTP protocol request sequences. A remote attacker could use this issue to spoof the svn:author property. (CVE-2015-0251) C. Michael Pilato discovered that the Subversion mod_dav_svn module incorrectly restricted anonymous access. A remote attacker could use this issue to read hidden files via the path name. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184) C. Michael Pilato discovered that Subversion incorrectly handled path-based authorization. A remote attacker could use this issue to obtain sensitive path information. (CVE-2015-3187). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 85579
    published 2015-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85579
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : subversion vulnerabilities (USN-2721-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0165.NASL
    description From Red Hat Security Advisory 2015:0165 : Updated subversion packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. (CVE-2014-3528) Red Hat would like to thank the Subversion project for reporting CVE-2014-3580. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 81288
    published 2015-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81288
    title Oracle Linux 6 : subversion (ELSA-2015-0165)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_F5561ADE846C11E4B7A720CF30E32F6D.NASL
    description Subversion Project reports : Subversion's mod_dav_svn Apache HTTPD server module will crash when it receives a REPORT request for some invalid formatted special URIs. Subversion's mod_dav_svn Apache HTTPD server module will crash when it receives a request for some invalid formatted special URIs. We consider this to be a medium risk vulnerability. Repositories which allow for anonymous reads will be vulnerable without authentication. Unfortunately, no special configuration is required and all mod_dav_svn servers are vulnerable.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 80039
    published 2014-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80039
    title FreeBSD : subversion -- DoS vulnerabilities (f5561ade-846c-11e4-b7a7-20cf30e32f6d)
redhat via4
advisories
  • bugzilla
    id 1174054
    title CVE-2014-3580 subversion: NULL pointer dereference flaw in mod_dav_svn when handling REPORT requests
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment mod_dav_svn is earlier than 0:1.6.11-12.el6_6
          oval oval:com.redhat.rhsa:tst:20150165011
        • comment mod_dav_svn is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110258014
      • AND
        • comment subversion is earlier than 0:1.6.11-12.el6_6
          oval oval:com.redhat.rhsa:tst:20150165005
        • comment subversion is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110258006
      • AND
        • comment subversion-devel is earlier than 0:1.6.11-12.el6_6
          oval oval:com.redhat.rhsa:tst:20150165021
        • comment subversion-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110258020
      • AND
        • comment subversion-gnome is earlier than 0:1.6.11-12.el6_6
          oval oval:com.redhat.rhsa:tst:20150165019
        • comment subversion-gnome is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110258018
      • AND
        • comment subversion-javahl is earlier than 0:1.6.11-12.el6_6
          oval oval:com.redhat.rhsa:tst:20150165017
        • comment subversion-javahl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110258022
      • AND
        • comment subversion-kde is earlier than 0:1.6.11-12.el6_6
          oval oval:com.redhat.rhsa:tst:20150165013
        • comment subversion-kde is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110258010
      • AND
        • comment subversion-perl is earlier than 0:1.6.11-12.el6_6
          oval oval:com.redhat.rhsa:tst:20150165007
        • comment subversion-perl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110258016
      • AND
        • comment subversion-ruby is earlier than 0:1.6.11-12.el6_6
          oval oval:com.redhat.rhsa:tst:20150165009
        • comment subversion-ruby is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110258008
      • AND
        • comment subversion-svn2cl is earlier than 0:1.6.11-12.el6_6
          oval oval:com.redhat.rhsa:tst:20150165015
        • comment subversion-svn2cl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110258012
    rhsa
    id RHSA-2015:0165
    released 2015-02-10
    severity Moderate
    title RHSA-2015:0165: subversion security update (Moderate)
  • rhsa
    id RHSA-2015:0166
rpms
  • mod_dav_svn-0:1.6.11-12.el6_6
  • subversion-0:1.6.11-12.el6_6
  • subversion-devel-0:1.6.11-12.el6_6
  • subversion-gnome-0:1.6.11-12.el6_6
  • subversion-javahl-0:1.6.11-12.el6_6
  • subversion-kde-0:1.6.11-12.el6_6
  • subversion-perl-0:1.6.11-12.el6_6
  • subversion-ruby-0:1.6.11-12.el6_6
  • subversion-svn2cl-0:1.6.11-12.el6_6
  • mod_dav_svn-0:1.7.14-7.el7_0
  • subversion-0:1.7.14-7.el7_0
  • subversion-devel-0:1.7.14-7.el7_0
  • subversion-gnome-0:1.7.14-7.el7_0
  • subversion-javahl-0:1.7.14-7.el7_0
  • subversion-kde-0:1.7.14-7.el7_0
  • subversion-libs-0:1.7.14-7.el7_0
  • subversion-perl-0:1.7.14-7.el7_0
  • subversion-python-0:1.7.14-7.el7_0
  • subversion-ruby-0:1.7.14-7.el7_0
  • subversion-tools-0:1.7.14-7.el7_0
refmap via4
apple APPLE-SA-2015-03-09-4
bid 71726
confirm
debian DSA-3107
secunia 61131
ubuntu USN-2721-1
Last major update 23-12-2016 - 21:59
Published 18-12-2014 - 10:59
Back to Top