ID CVE-2014-8108
Summary The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.
References
Vulnerable Configurations
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • RedHat Enterprise Linux HPC Node 7.0
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0
  • Apache Software Foundation Subversion 1.0.0
    cpe:2.3:a:apache:subversion:1.0.0
  • Apache Software Foundation Subversion 1.0.1
    cpe:2.3:a:apache:subversion:1.0.1
  • Apache Software Foundation Subversion 1.0.2
    cpe:2.3:a:apache:subversion:1.0.2
  • Apache Software Foundation Subversion 1.0.3
    cpe:2.3:a:apache:subversion:1.0.3
  • Apache Software Foundation Subversion 1.0.4
    cpe:2.3:a:apache:subversion:1.0.4
  • Apache Software Foundation Subversion 1.0.5
    cpe:2.3:a:apache:subversion:1.0.5
  • Apache Software Foundation Subversion 1.0.6
    cpe:2.3:a:apache:subversion:1.0.6
  • Apache Software Foundation Subversion 1.0.7
    cpe:2.3:a:apache:subversion:1.0.7
  • Apache Software Foundation Subversion 1.0.8
    cpe:2.3:a:apache:subversion:1.0.8
  • Apache Software Foundation Subversion 1.0.9
    cpe:2.3:a:apache:subversion:1.0.9
  • Apache Software Foundation Subversion 1.1.0
    cpe:2.3:a:apache:subversion:1.1.0
  • Apache Software Foundation Subversion 1.1.1
    cpe:2.3:a:apache:subversion:1.1.1
  • Apache Software Foundation Subversion 1.1.2
    cpe:2.3:a:apache:subversion:1.1.2
  • Apache Software Foundation Subversion 1.1.3
    cpe:2.3:a:apache:subversion:1.1.3
  • Apache Software Foundation Subversion 1.1.4
    cpe:2.3:a:apache:subversion:1.1.4
  • Apache Software Foundation Subversion 1.2.0
    cpe:2.3:a:apache:subversion:1.2.0
  • Apache Software Foundation Subversion 1.2.1
    cpe:2.3:a:apache:subversion:1.2.1
  • Apache Software Foundation Subversion 1.2.2
    cpe:2.3:a:apache:subversion:1.2.2
  • Apache Software Foundation Subversion 1.2.3
    cpe:2.3:a:apache:subversion:1.2.3
  • Apache Software Foundation Subversion 1.3.0
    cpe:2.3:a:apache:subversion:1.3.0
  • Apache Software Foundation Subversion 1.3.1
    cpe:2.3:a:apache:subversion:1.3.1
  • Apache Software Foundation Subversion 1.3.2
    cpe:2.3:a:apache:subversion:1.3.2
  • Apache Software Foundation Subversion 1.4.0
    cpe:2.3:a:apache:subversion:1.4.0
  • Apache Software Foundation Subversion 1.4.1
    cpe:2.3:a:apache:subversion:1.4.1
  • Apache Software Foundation Subversion 1.4.2
    cpe:2.3:a:apache:subversion:1.4.2
  • Apache Software Foundation Subversion 1.4.3
    cpe:2.3:a:apache:subversion:1.4.3
  • Apache Software Foundation Subversion 1.4.4
    cpe:2.3:a:apache:subversion:1.4.4
  • Apache Software Foundation Subversion 1.4.5
    cpe:2.3:a:apache:subversion:1.4.5
  • Apache Software Foundation Subversion 1.4.6
    cpe:2.3:a:apache:subversion:1.4.6
  • Apache Software Foundation Subversion 1.5.0
    cpe:2.3:a:apache:subversion:1.5.0
  • Apache Software Foundation Subversion 1.5.1
    cpe:2.3:a:apache:subversion:1.5.1
  • Apache Software Foundation Subversion 1.5.2
    cpe:2.3:a:apache:subversion:1.5.2
  • Apache Software Foundation Subversion 1.5.3
    cpe:2.3:a:apache:subversion:1.5.3
  • Apache Software Foundation Subversion 1.5.4
    cpe:2.3:a:apache:subversion:1.5.4
  • Apache Software Foundation Subversion 1.5.5
    cpe:2.3:a:apache:subversion:1.5.5
  • Apache Software Foundation Subversion 1.5.6
    cpe:2.3:a:apache:subversion:1.5.6
  • Apache Software Foundation Subversion 1.5.7
    cpe:2.3:a:apache:subversion:1.5.7
  • Apache Software Foundation Subversion 1.5.8
    cpe:2.3:a:apache:subversion:1.5.8
  • Apache Software Foundation Subversion 1.6.0
    cpe:2.3:a:apache:subversion:1.6.0
  • Apache Software Foundation Subversion 1.6.1
    cpe:2.3:a:apache:subversion:1.6.1
  • Apache Software Foundation Subversion 1.6.10
    cpe:2.3:a:apache:subversion:1.6.10
  • Apache Software Foundation Subversion 1.6.11
    cpe:2.3:a:apache:subversion:1.6.11
  • Apache Software Foundation Subversion 1.6.12
    cpe:2.3:a:apache:subversion:1.6.12
  • Apache Software Foundation Subversion 1.6.13
    cpe:2.3:a:apache:subversion:1.6.13
  • Apache Software Foundation Subversion 1.6.14
    cpe:2.3:a:apache:subversion:1.6.14
  • Apache Software Foundation Subversion 1.6.15
    cpe:2.3:a:apache:subversion:1.6.15
  • Apache Software Foundation Subversion 1.6.16
    cpe:2.3:a:apache:subversion:1.6.16
  • Apache Software Foundation Subversion 1.6.17
    cpe:2.3:a:apache:subversion:1.6.17
  • Apache Software Foundation Subversion 1.6.18
    cpe:2.3:a:apache:subversion:1.6.18
  • Apache Software Foundation Subversion 1.6.19
    cpe:2.3:a:apache:subversion:1.6.19
  • Apache Software Foundation Subversion 1.6.2
    cpe:2.3:a:apache:subversion:1.6.2
  • Apache Software Foundation Subversion 1.6.20
    cpe:2.3:a:apache:subversion:1.6.20
  • Apache Software Foundation Subversion 1.6.21
    cpe:2.3:a:apache:subversion:1.6.21
  • Apache Software Foundation Subversion 1.6.23
    cpe:2.3:a:apache:subversion:1.6.23
  • Apache Software Foundation Subversion 1.6.3
    cpe:2.3:a:apache:subversion:1.6.3
  • Apache Software Foundation Subversion 1.6.4
    cpe:2.3:a:apache:subversion:1.6.4
  • Apache Software Foundation Subversion 1.6.5
    cpe:2.3:a:apache:subversion:1.6.5
  • Apache Software Foundation Subversion 1.6.6
    cpe:2.3:a:apache:subversion:1.6.6
  • Apache Software Foundation Subversion 1.6.7
    cpe:2.3:a:apache:subversion:1.6.7
  • Apache Software Foundation Subversion 1.6.8
    cpe:2.3:a:apache:subversion:1.6.8
  • Apache Software Foundation Subversion 1.6.9
    cpe:2.3:a:apache:subversion:1.6.9
  • Apache Software Foundation Subversion 1.7.0
    cpe:2.3:a:apache:subversion:1.7.0
  • Apache Software Foundation Subversion 1.7.1
    cpe:2.3:a:apache:subversion:1.7.1
  • Apache Software Foundation Subversion 1.7.10
    cpe:2.3:a:apache:subversion:1.7.10
  • Apache Software Foundation Subversion 1.7.11
    cpe:2.3:a:apache:subversion:1.7.11
  • Apache Software Foundation Subversion 1.7.12
    cpe:2.3:a:apache:subversion:1.7.12
  • Apache Software Foundation Subversion 1.7.13
    cpe:2.3:a:apache:subversion:1.7.13
  • Apache Software Foundation Subversion 1.7.14
    cpe:2.3:a:apache:subversion:1.7.14
  • Apache Software Foundation Subversion 1.7.15
    cpe:2.3:a:apache:subversion:1.7.15
  • Apache Software Foundation Subversion 1.7.16
    cpe:2.3:a:apache:subversion:1.7.16
  • Apache Software Foundation Subversion 1.7.17
    cpe:2.3:a:apache:subversion:1.7.17
  • Apache Software Foundation Subversion 1.7.18
    cpe:2.3:a:apache:subversion:1.7.18
  • Apache Software Foundation Subversion 1.7.19
    cpe:2.3:a:apache:subversion:1.7.19
  • Apache Software Foundation Subversion 1.7.2
    cpe:2.3:a:apache:subversion:1.7.2
  • Apache Software Foundation Subversion 1.7.3
    cpe:2.3:a:apache:subversion:1.7.3
  • Apache Software Foundation Subversion 1.7.4
    cpe:2.3:a:apache:subversion:1.7.4
  • Apache Software Foundation Subversion 1.7.5
    cpe:2.3:a:apache:subversion:1.7.5
  • Apache Software Foundation Subversion 1.7.6
    cpe:2.3:a:apache:subversion:1.7.6
  • Apache Software Foundation Subversion 1.7.7
    cpe:2.3:a:apache:subversion:1.7.7
  • Apache Software Foundation Subversion 1.7.8
    cpe:2.3:a:apache:subversion:1.7.8
  • Apache Software Foundation Subversion 1.7.9
    cpe:2.3:a:apache:subversion:1.7.9
  • Apache Software Foundation Subversion 1.8.0
    cpe:2.3:a:apache:subversion:1.8.0
  • Apache Software Foundation Subversion 1.8.1
    cpe:2.3:a:apache:subversion:1.8.1
  • Apache Software Foundation Subversion 1.8.2
    cpe:2.3:a:apache:subversion:1.8.2
  • Apache Software Foundation Subversion 1.8.3
    cpe:2.3:a:apache:subversion:1.8.3
  • Apache Software Foundation Subversion 1.8.4
    cpe:2.3:a:apache:subversion:1.8.4
  • Apache Software Foundation Subversion 1.8.5
    cpe:2.3:a:apache:subversion:1.8.5
  • Apache Software Foundation Subversion 1.8.6
    cpe:2.3:a:apache:subversion:1.8.6
  • Apache Software Foundation Subversion 1.8.7
    cpe:2.3:a:apache:subversion:1.8.7
  • Apache Software Foundation Subversion 1.8.8
    cpe:2.3:a:apache:subversion:1.8.8
  • Apache Software Foundation Subversion 1.8.10
    cpe:2.3:a:apache:subversion:1.8.10
  • Apple Xcode 6.1.1
    cpe:2.3:a:apple:xcode:6.1.1
CVSS
Base: 5.0 (as of 02-09-2016 - 16:07)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0166.NASL
    description Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-8108) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. (CVE-2014-3528) Red Hat would like to thank the Subversion project for reporting CVE-2014-3580 and CVE-2014-8108. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
    last seen 2018-09-01
    modified 2018-07-26
    plugin id 81293
    published 2015-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81293
    title RHEL 7 : subversion (RHSA-2015:0166)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2015-555.NASL
    description A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-8108) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580)
    last seen 2018-09-01
    modified 2018-04-18
    plugin id 84372
    published 2015-06-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84372
    title Amazon Linux AMI : mod_dav_svn / subversion (ALAS-2015-555)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-17118.NASL
    description This update includes the latest stable release of **Apache Subversion**, version **1.8.11**. Two security issues in mod_dav_svn are addressed in this release (CVE-2014-8108, CVE-2014-3580). For more details, see : http://subversion.apache.org/security/CVE-2014-8108-advisory.txt http://subversion.apache.org/security/CVE-2014-3580-advisory.txt **Client-side bugfixes:** - checkout/update: fix file externals failing to follow history and subsequently silently failing http://subversion.tigris.org/issues/show_bug.cgi?id=4185 - patch: don't skip targets in valid --git difs - diff: make property output in diffs stable - diff: fix diff of local copied directory with props - diff: fix changelist filter for repos-WC and WC-WC - remove broken conflict resolver menu options that always error out - improve gpg-agent support - fix crash in eclipse IDE with GNOME Keyring http://subversion.tigris.org/issues/show_bug.cgi?id=34 98 - fix externals shadowing a versioned directory http://subversion.tigris.org/issues/show_bug.cgi?id=40 85 - fix problems working on unix file systems that don't support permissions - upgrade: keep external registrations http://subversion.tigris.org/issues/show_bug.cgi?id=45 19 - cleanup: iprove performance of recorded timestamp fixups - translation updates for German **Server-side bugfixes:** - disable revprop caching feature due to cache invalidation problems - skip generating uniquifiers if rep-sharing is not supported - mod_dav_svn: reject requests with missing repository paths - mod_dav_svn: reject requests with invalid virtual transaction names - mod_dav_svn: avoid unneeded memory growth in resource walking http://subversion.tigris.org/issues/show_bug.cgi?id=45 31 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2015-10-19
    plugin id 80373
    published 2015-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80373
    title Fedora 21 : subversion-1.8.11-1.fc21 (2014-17118)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2721-1.NASL
    description It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3580) It was discovered that the Subversion mod_dav_svn module incorrectly handled requests requiring a lookup for a virtual transaction name that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8108) Evgeny Kotkov discovered that the Subversion mod_dav_svn module incorrectly handled large numbers of REPORT requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202) Evgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve modules incorrectly certain crafted parameter combinations. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2015-0248) Ivan Zhakov discovered that the Subversion mod_dav_svn module incorrectly handled crafted v1 HTTP protocol request sequences. A remote attacker could use this issue to spoof the svn:author property. (CVE-2015-0251) C. Michael Pilato discovered that the Subversion mod_dav_svn module incorrectly restricted anonymous access. A remote attacker could use this issue to read hidden files via the path name. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184) C. Michael Pilato discovered that Subversion incorrectly handled path-based authorization. A remote attacker could use this issue to obtain sensitive path information. (CVE-2015-3187). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-03
    plugin id 85579
    published 2015-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85579
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : subversion vulnerabilities (USN-2721-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0166.NASL
    description From Red Hat Security Advisory 2015:0166 : Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-8108) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. (CVE-2014-3528) Red Hat would like to thank the Subversion project for reporting CVE-2014-3580 and CVE-2014-8108. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
    last seen 2018-09-02
    modified 2018-07-18
    plugin id 81289
    published 2015-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81289
    title Oracle Linux 7 : subversion (ELSA-2015-0166)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_F5561ADE846C11E4B7A720CF30E32F6D.NASL
    description Subversion Project reports : Subversion's mod_dav_svn Apache HTTPD server module will crash when it receives a REPORT request for some invalid formatted special URIs. Subversion's mod_dav_svn Apache HTTPD server module will crash when it receives a request for some invalid formatted special URIs. We consider this to be a medium risk vulnerability. Repositories which allow for anonymous reads will be vulnerable without authentication. Unfortunately, no special configuration is required and all mod_dav_svn servers are vulnerable.
    last seen 2018-09-01
    modified 2014-12-19
    plugin id 80039
    published 2014-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80039
    title FreeBSD : subversion -- DoS vulnerabilities (f5561ade-846c-11e4-b7a7-20cf30e32f6d)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-005.NASL
    description Updated subversion packages fix security vulnerabilities : A NULL pointer dereference flaw was found in the way mod_dav_svn handled REPORT requests. A remote, unauthenticated attacker could use a crafted REPORT request to crash mod_dav_svn (CVE-2014-3580). A NULL pointer dereference flaw was found in the way mod_dav_svn handled URIs for virtual transaction names. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash (CVE-2014-8108).
    last seen 2018-09-01
    modified 2018-07-19
    plugin id 80386
    published 2015-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80386
    title Mandriva Linux Security Advisory : subversion (MDVSA-2015:005)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150210_SUBVERSION_ON_SL7_X.NASL
    description A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-8108) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. (CVE-2014-3528) After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
    last seen 2018-09-01
    modified 2015-02-12
    plugin id 81310
    published 2015-02-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81310
    title Scientific Linux Security Update : subversion on SL7.x x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-17222.NASL
    description This update includes the latest stable release of **Apache Subversion**, version **1.8.11**. Two security issues in mod_dav_svn are addressed in this release (CVE-2014-8108, CVE-2014-3580). For more details, see : http://subversion.apache.org/security/CVE-2014-8108-advisory.txt http://subversion.apache.org/security/CVE-2014-3580-advisory.txt **Client-side bugfixes:** - checkout/update: fix file externals failing to follow history and subsequently silently failing http://subversion.tigris.org/issues/show_bug.cgi?id=4185 - patch: don't skip targets in valid --git difs - diff: make property output in diffs stable - diff: fix diff of local copied directory with props - diff: fix changelist filter for repos-WC and WC-WC - remove broken conflict resolver menu options that always error out - improve gpg-agent support - fix crash in eclipse IDE with GNOME Keyring http://subversion.tigris.org/issues/show_bug.cgi?id=34 98 - fix externals shadowing a versioned directory http://subversion.tigris.org/issues/show_bug.cgi?id=40 85 - fix problems working on unix file systems that don't support permissions - upgrade: keep external registrations http://subversion.tigris.org/issues/show_bug.cgi?id=45 19 - cleanup: iprove performance of recorded timestamp fixups - translation updates for German **Server-side bugfixes:** - disable revprop caching feature due to cache invalidation problems - skip generating uniquifiers if rep-sharing is not supported - mod_dav_svn: reject requests with missing repository paths - mod_dav_svn: reject requests with invalid virtual transaction names - mod_dav_svn: avoid unneeded memory growth in resource walking http://subversion.tigris.org/issues/show_bug.cgi?id=45 31 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-02
    modified 2015-10-19
    plugin id 80375
    published 2015-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80375
    title Fedora 20 : subversion-1.8.11-1.fc20 (2014-17222)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-821.NASL
    description This Apache Subversion update fixes the following security and non security issues. - Apache Subversion 1.8.11 - This release addresses two security issues: [boo#909935] - CVE-2014-3580: mod_dav_svn DoS from invalid REPORT requests. - CVE-2014-8108: mod_dav_svn DoS from use of invalid transaction names. - Client-side bugfixes : - checkout/update: fix file externals failing to follow history and subsequently silently failing - patch: don't skip targets in valid --git difs - diff: make property output in diffs stable - diff: fix diff of local copied directory with props - diff: fix changelist filter for repos-WC and WC-WC - remove broken conflict resolver menu options that always error out - improve gpg-agent support - fix crash in eclipse IDE with GNOME Keyring - fix externals shadowing a versioned directory - fix problems working on unix file systems that don't support permissions - upgrade: keep external registrations - cleanup: iprove performance of recorded timestamp fixups - translation updates for German - Server-side bugfixes : - disable revprop caching feature due to cache invalidation problems - skip generating uniquifiers if rep-sharing is not supported - mod_dav_svn: reject requests with missing repository paths - mod_dav_svn: reject requests with invalid virtual transaction names - mod_dav_svn: avoid unneeded memory growth in resource walking
    last seen 2018-09-01
    modified 2014-12-30
    plugin id 80299
    published 2014-12-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80299
    title openSUSE Security Update : subversion (openSUSE-SU-2014:1725-1)
  • NASL family Web Servers
    NASL id APACHE_MOD_DAV_SVN_REMOTE_DOS.NASL
    description The remote host is running a version of Apache SVN 1.7.x prior to 1.7.19 or 1.8.x prior to 1.8.11. It is, therefore, affected by multiple denial of service vulnerabilities : - A NULL pointer dereference flaw exists in 'mod_dav_svn' that is triggered when handling REPORT requests. A remote attacker, using a specially crafted request, can cause the listener process to crash. (CVE-2014-3580) - A NULL pointer dereference flaw exists in 'mod_dav_svn' that is triggered when handling requests for non-existent virtual transaction names. A remote attacker, using a specially crafted request, can cause the listener process to crash. (CVE-2014-8108)
    last seen 2018-09-01
    modified 2018-06-27
    plugin id 80864
    published 2015-01-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80864
    title Apache Subversion 1.7.x < 1.7.19 / 1.8.x < 1.8.11 Multiple Remote DoS
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-0166.NASL
    description Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580) A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. (CVE-2014-8108) It was discovered that Subversion clients retrieved cached authentication credentials using the MD5 hash of the server realm string without also checking the server's URL. A malicious server able to provide a realm that triggers an MD5 collision could possibly use this flaw to obtain the credentials for a different realm. (CVE-2014-3528) Red Hat would like to thank the Subversion project for reporting CVE-2014-3580 and CVE-2014-8108. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
    last seen 2018-09-01
    modified 2018-07-02
    plugin id 81278
    published 2015-02-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81278
    title CentOS 7 : subversion (CESA-2015:0166)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_XCODE_6_2.NASL
    description The Apple Xcode installed on the remote Mac OS X host is prior to version 6.2. It is, therefore, affected by the following vulnerabilities : - Numerous errors exist related to the bundled version of Apache Subversion. (CVE-2014-3522, CVE-2014-3528, CVE-2014-3580, CVE-2014-8108) - An error exists related to the bundled version of Git that allows arbitrary files to be added to the .git folder. (CVE-2014-9390)
    last seen 2018-09-01
    modified 2018-07-14
    plugin id 81758
    published 2015-03-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81758
    title Apple Xcode < 6.2 (Mac OS X)
redhat via4
advisories
bugzilla
id 1174057
title CVE-2014-8108 subversion: NULL pointer dereference flaw in mod_dav_svn when handling URIs for virtual transaction names
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
  • OR
    • AND
      • comment mod_dav_svn is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166015
      • comment mod_dav_svn is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258014
    • AND
      • comment subversion is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166005
      • comment subversion is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258006
    • AND
      • comment subversion-devel is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166025
      • comment subversion-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258020
    • AND
      • comment subversion-gnome is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166017
      • comment subversion-gnome is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258018
    • AND
      • comment subversion-javahl is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166019
      • comment subversion-javahl is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258022
    • AND
      • comment subversion-kde is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166007
      • comment subversion-kde is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258010
    • AND
      • comment subversion-libs is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166013
      • comment subversion-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20150166014
    • AND
      • comment subversion-perl is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166023
      • comment subversion-perl is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258016
    • AND
      • comment subversion-python is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166011
      • comment subversion-python is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20150166012
    • AND
      • comment subversion-ruby is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166009
      • comment subversion-ruby is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110258008
    • AND
      • comment subversion-tools is earlier than 0:1.7.14-7.el7_0
        oval oval:com.redhat.rhsa:tst:20150166021
      • comment subversion-tools is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20150166022
rhsa
id RHSA-2015:0166
released 2015-02-10
severity Moderate
title RHSA-2015:0166: subversion security update (Moderate)
rpms
  • mod_dav_svn-0:1.7.14-7.el7_0
  • subversion-0:1.7.14-7.el7_0
  • subversion-devel-0:1.7.14-7.el7_0
  • subversion-gnome-0:1.7.14-7.el7_0
  • subversion-javahl-0:1.7.14-7.el7_0
  • subversion-kde-0:1.7.14-7.el7_0
  • subversion-libs-0:1.7.14-7.el7_0
  • subversion-perl-0:1.7.14-7.el7_0
  • subversion-python-0:1.7.14-7.el7_0
  • subversion-ruby-0:1.7.14-7.el7_0
  • subversion-tools-0:1.7.14-7.el7_0
refmap via4
apple APPLE-SA-2015-03-09-4
bid 71725
confirm
secunia 61131
ubuntu USN-2721-1
Last major update 02-01-2017 - 21:59
Published 18-12-2014 - 10:59
Back to Top