ID CVE-2014-8108
Summary The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.
References
Vulnerable Configurations
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • RedHat Enterprise Linux HPC Node 7.0
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0
  • Apache Software Foundation Subversion 1.0.0
    cpe:2.3:a:apache:subversion:1.0.0
  • Apache Software Foundation Subversion 1.0.1
    cpe:2.3:a:apache:subversion:1.0.1
  • Apache Software Foundation Subversion 1.0.2
    cpe:2.3:a:apache:subversion:1.0.2
  • Apache Software Foundation Subversion 1.0.3
    cpe:2.3:a:apache:subversion:1.0.3
  • Apache Software Foundation Subversion 1.0.4
    cpe:2.3:a:apache:subversion:1.0.4
  • Apache Software Foundation Subversion 1.0.5
    cpe:2.3:a:apache:subversion:1.0.5
  • Apache Software Foundation Subversion 1.0.6
    cpe:2.3:a:apache:subversion:1.0.6
  • Apache Software Foundation Subversion 1.0.7
    cpe:2.3:a:apache:subversion:1.0.7
  • Apache Software Foundation Subversion 1.0.8
    cpe:2.3:a:apache:subversion:1.0.8
  • Apache Software Foundation Subversion 1.0.9
    cpe:2.3:a:apache:subversion:1.0.9
  • Apache Software Foundation Subversion 1.1.0
    cpe:2.3:a:apache:subversion:1.1.0
  • Apache Software Foundation Subversion 1.1.1
    cpe:2.3:a:apache:subversion:1.1.1
  • Apache Software Foundation Subversion 1.1.2
    cpe:2.3:a:apache:subversion:1.1.2
  • Apache Software Foundation Subversion 1.1.3
    cpe:2.3:a:apache:subversion:1.1.3
  • Apache Software Foundation Subversion 1.1.4
    cpe:2.3:a:apache:subversion:1.1.4
  • Apache Software Foundation Subversion 1.2.0
    cpe:2.3:a:apache:subversion:1.2.0
  • Apache Software Foundation Subversion 1.2.1
    cpe:2.3:a:apache:subversion:1.2.1
  • Apache Software Foundation Subversion 1.2.2
    cpe:2.3:a:apache:subversion:1.2.2
  • Apache Software Foundation Subversion 1.2.3
    cpe:2.3:a:apache:subversion:1.2.3
  • Apache Software Foundation Subversion 1.3.0
    cpe:2.3:a:apache:subversion:1.3.0
  • Apache Software Foundation Subversion 1.3.1
    cpe:2.3:a:apache:subversion:1.3.1
  • Apache Software Foundation Subversion 1.3.2
    cpe:2.3:a:apache:subversion:1.3.2
  • Apache Software Foundation Subversion 1.4.0
    cpe:2.3:a:apache:subversion:1.4.0
  • Apache Software Foundation Subversion 1.4.1
    cpe:2.3:a:apache:subversion:1.4.1
  • Apache Software Foundation Subversion 1.4.2
    cpe:2.3:a:apache:subversion:1.4.2
  • Apache Software Foundation Subversion 1.4.3
    cpe:2.3:a:apache:subversion:1.4.3
  • Apache Software Foundation Subversion 1.4.4
    cpe:2.3:a:apache:subversion:1.4.4
  • Apache Software Foundation Subversion 1.4.5
    cpe:2.3:a:apache:subversion:1.4.5
  • Apache Software Foundation Subversion 1.4.6
    cpe:2.3:a:apache:subversion:1.4.6
  • Apache Software Foundation Subversion 1.5.0
    cpe:2.3:a:apache:subversion:1.5.0
  • Apache Software Foundation Subversion 1.5.1
    cpe:2.3:a:apache:subversion:1.5.1
  • Apache Software Foundation Subversion 1.5.2
    cpe:2.3:a:apache:subversion:1.5.2
  • Apache Software Foundation Subversion 1.5.3
    cpe:2.3:a:apache:subversion:1.5.3
  • Apache Software Foundation Subversion 1.5.4
    cpe:2.3:a:apache:subversion:1.5.4
  • Apache Software Foundation Subversion 1.5.5
    cpe:2.3:a:apache:subversion:1.5.5
  • Apache Software Foundation Subversion 1.5.6
    cpe:2.3:a:apache:subversion:1.5.6
  • Apache Software Foundation Subversion 1.5.7
    cpe:2.3:a:apache:subversion:1.5.7
  • Apache Software Foundation Subversion 1.5.8
    cpe:2.3:a:apache:subversion:1.5.8
  • Apache Software Foundation Subversion 1.6.0
    cpe:2.3:a:apache:subversion:1.6.0
  • Apache Software Foundation Subversion 1.6.1
    cpe:2.3:a:apache:subversion:1.6.1
  • Apache Software Foundation Subversion 1.6.10
    cpe:2.3:a:apache:subversion:1.6.10
  • Apache Software Foundation Subversion 1.6.11
    cpe:2.3:a:apache:subversion:1.6.11
  • Apache Software Foundation Subversion 1.6.12
    cpe:2.3:a:apache:subversion:1.6.12
  • Apache Software Foundation Subversion 1.6.13
    cpe:2.3:a:apache:subversion:1.6.13
  • Apache Software Foundation Subversion 1.6.14
    cpe:2.3:a:apache:subversion:1.6.14
  • Apache Software Foundation Subversion 1.6.15
    cpe:2.3:a:apache:subversion:1.6.15
  • Apache Software Foundation Subversion 1.6.16
    cpe:2.3:a:apache:subversion:1.6.16
  • Apache Software Foundation Subversion 1.6.17
    cpe:2.3:a:apache:subversion:1.6.17
  • Apache Software Foundation Subversion 1.6.18
    cpe:2.3:a:apache:subversion:1.6.18
  • Apache Software Foundation Subversion 1.6.19
    cpe:2.3:a:apache:subversion:1.6.19
  • Apache Software Foundation Subversion 1.6.2
    cpe:2.3:a:apache:subversion:1.6.2
  • Apache Software Foundation Subversion 1.6.20
    cpe:2.3:a:apache:subversion:1.6.20
  • Apache Software Foundation Subversion 1.6.21
    cpe:2.3:a:apache:subversion:1.6.21
  • Apache Software Foundation Subversion 1.6.23
    cpe:2.3:a:apache:subversion:1.6.23
  • Apache Software Foundation Subversion 1.6.3
    cpe:2.3:a:apache:subversion:1.6.3
  • Apache Software Foundation Subversion 1.6.4
    cpe:2.3:a:apache:subversion:1.6.4
  • Apache Software Foundation Subversion 1.6.5
    cpe:2.3:a:apache:subversion:1.6.5
  • Apache Software Foundation Subversion 1.6.6
    cpe:2.3:a:apache:subversion:1.6.6
  • Apache Software Foundation Subversion 1.6.7
    cpe:2.3:a:apache:subversion:1.6.7
  • Apache Software Foundation Subversion 1.6.8
    cpe:2.3:a:apache:subversion:1.6.8
  • Apache Software Foundation Subversion 1.6.9
    cpe:2.3:a:apache:subversion:1.6.9
  • Apache Software Foundation Subversion 1.7.0
    cpe:2.3:a:apache:subversion:1.7.0
  • Apache Software Foundation Subversion 1.7.1
    cpe:2.3:a:apache:subversion:1.7.1
  • Apache Software Foundation Subversion 1.7.10
    cpe:2.3:a:apache:subversion:1.7.10
  • Apache Software Foundation Subversion 1.7.11
    cpe:2.3:a:apache:subversion:1.7.11
  • Apache Software Foundation Subversion 1.7.12
    cpe:2.3:a:apache:subversion:1.7.12
  • Apache Software Foundation Subversion 1.7.13
    cpe:2.3:a:apache:subversion:1.7.13
  • Apache Software Foundation Subversion 1.7.14
    cpe:2.3:a:apache:subversion:1.7.14
  • Apache Software Foundation Subversion 1.7.15
    cpe:2.3:a:apache:subversion:1.7.15
  • Apache Software Foundation Subversion 1.7.16
    cpe:2.3:a:apache:subversion:1.7.16
  • Apache Software Foundation Subversion 1.7.17
    cpe:2.3:a:apache:subversion:1.7.17
  • Apache Software Foundation Subversion 1.7.18
    cpe:2.3:a:apache:subversion:1.7.18
  • Apache Software Foundation Subversion 1.7.19
    cpe:2.3:a:apache:subversion:1.7.19
  • Apache Software Foundation Subversion 1.7.2
    cpe:2.3:a:apache:subversion:1.7.2
  • Apache Software Foundation Subversion 1.7.3
    cpe:2.3:a:apache:subversion:1.7.3
  • Apache Software Foundation Subversion 1.7.4
    cpe:2.3:a:apache:subversion:1.7.4
  • Apache Software Foundation Subversion 1.7.5
    cpe:2.3:a:apache:subversion:1.7.5
  • Apache Software Foundation Subversion 1.7.6
    cpe:2.3:a:apache:subversion:1.7.6
  • Apache Software Foundation Subversion 1.7.7
    cpe:2.3:a:apache:subversion:1.7.7
  • Apache Software Foundation Subversion 1.7.8
    cpe:2.3:a:apache:subversion:1.7.8
  • Apache Software Foundation Subversion 1.7.9
    cpe:2.3:a:apache:subversion:1.7.9
  • Apache Software Foundation Subversion 1.8.0
    cpe:2.3:a:apache:subversion:1.8.0
  • Apache Software Foundation Subversion 1.8.1
    cpe:2.3:a:apache:subversion:1.8.1
  • Apache Software Foundation Subversion 1.8.2
    cpe:2.3:a:apache:subversion:1.8.2
  • Apache Software Foundation Subversion 1.8.3
    cpe:2.3:a:apache:subversion:1.8.3
  • Apache Software Foundation Subversion 1.8.4
    cpe:2.3:a:apache:subversion:1.8.4
  • Apache Software Foundation Subversion 1.8.5
    cpe:2.3:a:apache:subversion:1.8.5
  • Apache Software Foundation Subversion 1.8.6
    cpe:2.3:a:apache:subversion:1.8.6
  • Apache Software Foundation Subversion 1.8.7
    cpe:2.3:a:apache:subversion:1.8.7
  • Apache Software Foundation Subversion 1.8.8
    cpe:2.3:a:apache:subversion:1.8.8
  • Apache Software Foundation Subversion 1.8.10
    cpe:2.3:a:apache:subversion:1.8.10
  • Apple Xcode 6.1.1
    cpe:2.3:a:apple:xcode:6.1.1
CVSS
Base: 5.0 (as of 02-09-2016 - 16:07)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
redhat via4
advisories
bugzilla
id 1174057
title CVE-2014-8108 subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
  • OR
    • AND
      • comment mod_dav_svn is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166015
      • comment mod_dav_svn is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258014
    • AND
      • comment subversion is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166005
      • comment subversion is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258006
    • AND
      • comment subversion-devel is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166025
      • comment subversion-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258020
    • AND
      • comment subversion-gnome is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166017
      • comment subversion-gnome is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258018
    • AND
      • comment subversion-javahl is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166019
      • comment subversion-javahl is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258022
    • AND
      • comment subversion-kde is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166007
      • comment subversion-kde is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258010
    • AND
      • comment subversion-libs is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166013
      • comment subversion-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20150166014
    • AND
      • comment subversion-perl is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166023
      • comment subversion-perl is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258016
    • AND
      • comment subversion-python is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166011
      • comment subversion-python is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20150166012
    • AND
      • comment subversion-ruby is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166009
      • comment subversion-ruby is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258008
    • AND
      • comment subversion-tools is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166021
      • comment subversion-tools is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20150166022
rhsa
id RHSA-2015:0166
released 2015-02-10
severity Moderate
title RHSA-2015:0166: subversion security update (Moderate)
rpms
  • mod_dav_svn-0:1.7.14-7.el7_0
  • subversion-0:1.7.14-7.el7_0
  • subversion-devel-0:1.7.14-7.el7_0
  • subversion-gnome-0:1.7.14-7.el7_0
  • subversion-javahl-0:1.7.14-7.el7_0
  • subversion-kde-0:1.7.14-7.el7_0
  • subversion-libs-0:1.7.14-7.el7_0
  • subversion-perl-0:1.7.14-7.el7_0
  • subversion-python-0:1.7.14-7.el7_0
  • subversion-ruby-0:1.7.14-7.el7_0
  • subversion-tools-0:1.7.14-7.el7_0
refmap via4
apple APPLE-SA-2015-03-09-4
bid 71725
confirm
secunia 61131
ubuntu USN-2721-1
Last major update 02-01-2017 - 21:59
Published 18-12-2014 - 10:59