ID CVE-2014-8108
Summary The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist. <a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a>
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.20:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.21:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.21:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.6.23:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.6.23:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.7.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.7.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.7.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.7.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.7.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.7.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.7.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.7.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.7.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.7.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.7.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.7.18:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.7.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.7.19:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.7.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:subversion:1.8.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:subversion:1.8.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:xcode:6.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apple:xcode:6.1.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 03-01-2017 - 02:59)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1174057
title CVE-2014-8108 subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhba:tst:20150364001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhba:tst:20150364002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhba:tst:20150364003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20150364004
  • OR
    • AND
      • comment mod_dav_svn is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166015
      • comment mod_dav_svn is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258014
    • AND
      • comment subversion is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166005
      • comment subversion is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258006
    • AND
      • comment subversion-devel is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166025
      • comment subversion-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258020
    • AND
      • comment subversion-gnome is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166017
      • comment subversion-gnome is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258018
    • AND
      • comment subversion-javahl is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166019
      • comment subversion-javahl is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258022
    • AND
      • comment subversion-kde is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166007
      • comment subversion-kde is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258010
    • AND
      • comment subversion-libs is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166013
      • comment subversion-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20150166014
    • AND
      • comment subversion-perl is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166023
      • comment subversion-perl is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258016
    • AND
      • comment subversion-python is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166011
      • comment subversion-python is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20150166012
    • AND
      • comment subversion-ruby is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166009
      • comment subversion-ruby is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258008
    • AND
      • comment subversion-tools is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166021
      • comment subversion-tools is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20150166022
rhsa
id RHSA-2015:0166
released 2015-02-10
severity Moderate
title RHSA-2015:0166: subversion security update (Moderate)
rpms
  • mod_dav_svn-0:1.7.14-7.el7_0
  • subversion-0:1.7.14-7.el7_0
  • subversion-devel-0:1.7.14-7.el7_0
  • subversion-gnome-0:1.7.14-7.el7_0
  • subversion-javahl-0:1.7.14-7.el7_0
  • subversion-kde-0:1.7.14-7.el7_0
  • subversion-libs-0:1.7.14-7.el7_0
  • subversion-perl-0:1.7.14-7.el7_0
  • subversion-python-0:1.7.14-7.el7_0
  • subversion-ruby-0:1.7.14-7.el7_0
  • subversion-tools-0:1.7.14-7.el7_0
refmap via4
apple APPLE-SA-2015-03-09-4
bid 71725
confirm
secunia 61131
ubuntu USN-2721-1
Last major update 03-01-2017 - 02:59
Published 18-12-2014 - 15:59
Back to Top