ID CVE-2015-0248
Summary The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.
References
Vulnerable Configurations
  • Apache Software Foundation Subversion 1.6.0
    cpe:2.3:a:apache:subversion:1.6.0
  • Apache Software Foundation Subversion 1.6.1
    cpe:2.3:a:apache:subversion:1.6.1
  • Apache Software Foundation Subversion 1.6.2
    cpe:2.3:a:apache:subversion:1.6.2
  • Apache Software Foundation Subversion 1.6.3
    cpe:2.3:a:apache:subversion:1.6.3
  • Apache Software Foundation Subversion 1.6.4
    cpe:2.3:a:apache:subversion:1.6.4
  • Apache Software Foundation Subversion 1.6.5
    cpe:2.3:a:apache:subversion:1.6.5
  • Apache Software Foundation Subversion 1.6.6
    cpe:2.3:a:apache:subversion:1.6.6
  • Apache Software Foundation Subversion 1.6.7
    cpe:2.3:a:apache:subversion:1.6.7
  • Apache Software Foundation Subversion 1.6.8
    cpe:2.3:a:apache:subversion:1.6.8
  • Apache Software Foundation Subversion 1.6.9
    cpe:2.3:a:apache:subversion:1.6.9
  • Apache Software Foundation Subversion 1.6.10
    cpe:2.3:a:apache:subversion:1.6.10
  • Apache Software Foundation Subversion 1.6.11
    cpe:2.3:a:apache:subversion:1.6.11
  • Apache Software Foundation Subversion 1.6.12
    cpe:2.3:a:apache:subversion:1.6.12
  • Apache Software Foundation Subversion 1.6.13
    cpe:2.3:a:apache:subversion:1.6.13
  • Apache Software Foundation Subversion 1.6.14
    cpe:2.3:a:apache:subversion:1.6.14
  • Apache Software Foundation Subversion 1.6.15
    cpe:2.3:a:apache:subversion:1.6.15
  • Apache Software Foundation Subversion 1.6.16
    cpe:2.3:a:apache:subversion:1.6.16
  • Apache Software Foundation Subversion 1.6.17
    cpe:2.3:a:apache:subversion:1.6.17
  • Apache Software Foundation Subversion 1.6.18
    cpe:2.3:a:apache:subversion:1.6.18
  • Apache Software Foundation Subversion 1.6.19
    cpe:2.3:a:apache:subversion:1.6.19
  • Apache Software Foundation Subversion 1.6.20
    cpe:2.3:a:apache:subversion:1.6.20
  • Apache Software Foundation Subversion 1.6.21
    cpe:2.3:a:apache:subversion:1.6.21
  • Apache Software Foundation Subversion 1.6.23
    cpe:2.3:a:apache:subversion:1.6.23
  • Apache Software Foundation Subversion 1.7.0
    cpe:2.3:a:apache:subversion:1.7.0
  • Apache Software Foundation Subversion 1.7.1
    cpe:2.3:a:apache:subversion:1.7.1
  • Apache Software Foundation Subversion 1.7.2
    cpe:2.3:a:apache:subversion:1.7.2
  • Apache Software Foundation Subversion 1.7.3
    cpe:2.3:a:apache:subversion:1.7.3
  • Apache Software Foundation Subversion 1.7.4
    cpe:2.3:a:apache:subversion:1.7.4
  • Apache Software Foundation Subversion 1.7.5
    cpe:2.3:a:apache:subversion:1.7.5
  • Apache Software Foundation Subversion 1.7.6
    cpe:2.3:a:apache:subversion:1.7.6
  • Apache Software Foundation Subversion 1.7.7
    cpe:2.3:a:apache:subversion:1.7.7
  • Apache Software Foundation Subversion 1.7.8
    cpe:2.3:a:apache:subversion:1.7.8
  • Apache Software Foundation Subversion 1.7.9
    cpe:2.3:a:apache:subversion:1.7.9
  • Apache Software Foundation Subversion 1.7.10
    cpe:2.3:a:apache:subversion:1.7.10
  • Apache Software Foundation Subversion 1.7.11
    cpe:2.3:a:apache:subversion:1.7.11
  • Apache Software Foundation Subversion 1.7.12
    cpe:2.3:a:apache:subversion:1.7.12
  • Apache Software Foundation Subversion 1.7.13
    cpe:2.3:a:apache:subversion:1.7.13
  • Apache Software Foundation Subversion 1.7.14
    cpe:2.3:a:apache:subversion:1.7.14
  • Apache Software Foundation Subversion 1.7.15
    cpe:2.3:a:apache:subversion:1.7.15
  • Apache Software Foundation Subversion 1.7.16
    cpe:2.3:a:apache:subversion:1.7.16
  • Apache Software Foundation Subversion 1.7.17
    cpe:2.3:a:apache:subversion:1.7.17
  • Apache Software Foundation Subversion 1.7.18
    cpe:2.3:a:apache:subversion:1.7.18
  • Apache Software Foundation Subversion 1.7.19
    cpe:2.3:a:apache:subversion:1.7.19
  • Apache Software Foundation Subversion 1.8.0
    cpe:2.3:a:apache:subversion:1.8.0
  • Apache Software Foundation Subversion 1.8.1
    cpe:2.3:a:apache:subversion:1.8.1
  • Apache Software Foundation Subversion 1.8.2
    cpe:2.3:a:apache:subversion:1.8.2
  • Apache Software Foundation Subversion 1.8.3
    cpe:2.3:a:apache:subversion:1.8.3
  • Apache Software Foundation Subversion 1.8.4
    cpe:2.3:a:apache:subversion:1.8.4
  • Apache Software Foundation Subversion 1.8.5
    cpe:2.3:a:apache:subversion:1.8.5
  • Apache Software Foundation Subversion 1.8.6
    cpe:2.3:a:apache:subversion:1.8.6
  • Apache Software Foundation Subversion 1.8.7
    cpe:2.3:a:apache:subversion:1.8.7
  • Apache Software Foundation Subversion 1.8.8
    cpe:2.3:a:apache:subversion:1.8.8
  • Apache Software Foundation Subversion 1.8.9
    cpe:2.3:a:apache:subversion:1.8.9
  • Apache Software Foundation Subversion 1.8.10
    cpe:2.3:a:apache:subversion:1.8.10
  • Apache Software Foundation Subversion 1.8.11
    cpe:2.3:a:apache:subversion:1.8.11
  • OpenSUSE 13.1
    cpe:2.3:o:opensuse:opensuse:13.1
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
  • Apple Xcode 7.0
    cpe:2.3:a:apple:xcode:7.0
  • Red Hat Enterprise Linux Desktop 6.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  • cpe:2.3:o:redhat:enterprise_linux_hpc_node:6
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:6
  • Red Hat Enterprise Linux Server 6.0
    cpe:2.3:o:redhat:enterprise_linux_server:6.0
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z
    cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7.z
  • Red Hat Enterprise Linux Workstation 6.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
  • Oracle Solaris 11.3
    cpe:2.3:o:oracle:solaris:11.3
CVSS
Base: 5.0 (as of 20-10-2016 - 13:29)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_XCODE_7_0.NASL
    description The version of Apple Xcode installed on the remote Mac OS X host is prior to 7.0. It is, therefore, affected by the multiple vulnerabilities : - A memory leak issue exists in file d1_srtp.c related to the DTLS SRTP extension handling and specially crafted handshake messages. An attacker can exploit this to cause denial of service condition. (CVE-2014-3513) - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. (CVE-2014-3566) - A memory leak issue exists in file t1_lib.c related to session ticket handling. An attacker can exploit this to cause denial of service condition. (CVE-2014-3567) - An error exists related to the build configuration process and the 'no-ssl3' build option that allows servers and clients to process insecure SSL 3.0 handshake messages. (CVE-2014-3568) - A directory traversal vulnerability exists in send.js due to improper sanitization of user-supplied input. A remote, unauthenticated attacker can exploit this, via a specially crafted request, to access arbitrary files outside of the restricted path. (CVE-2014-6394) - A denial of service vulnerability exists in the mod_dav_svn and svnserve servers of Apache Subversion. A remote, unauthenticated attacker can exploit this, via a crafted combination of parameters, to cause the current process to abort through a failed assertion. (CVE-2015-0248) - A flaw exists in the mod_dav_svn server of Apache Subversion. A remote, authenticated attacker can exploit this, via a crafted HTTP request sequence, to spoof an 'svn:author' property value. (CVE-2015-0251) - A flaw exists in the Apache HTTP Server due to the ap_some_auth_required() function in file request.c not properly handling Require directive associations. A remote, unauthenticated attacker can exploit this to bypass access restrictions, by leveraging a module that relies on the 2.2 API behavior. (CVE-2015-3185) - A flaw exists in the IDE Xcode server due to improper restriction of access to the repository email lists. A remote, unauthenticated attacker can exploit this to access sensitive build information, by leveraging incorrect notification delivery. (CVE-2015-5909) - A flaw exists in the IDE Xcode server due to the transmission of server information in cleartext. A remote, man-in-the-middle attacker can exploit this to access sensitive information. (CVE-2015-5910)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 86245
    published 2015-10-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86245
    title Apple Xcode < 7.0 (Mac OS X) (POODLE)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201610-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-201610-05 (Subversion, Serf: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in Subversion and Serf. Please review the CVE identifiers referenced below for details Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, conduct a man-in-the-middle attack, obtain sensitive information, or cause a Denial of Service Condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-10-12
    plugin id 93992
    published 2016-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93992
    title GLSA-201610-05 : Subversion, Serf: Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1633.NASL
    description Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash. (CVE-2015-0248) It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property. (CVE-2015-0251) It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). (CVE-2015-3187) Red Hat would like to thank the Apache Software Foundation for reporting these issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael Pilato of CollabNet as the original reporter of CVE-2015-3187. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85494
    published 2015-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85494
    title RHEL 6 : subversion (RHSA-2015:1633)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-207.NASL
    description Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2015-0248 Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. CVE-2015-0251 Subversion HTTP servers allow spoofing svn:author property values for new revisions via specially crafted v1 HTTP protocol request sequences. CVE-2013-1845 Subversion mod_dav_svn was vulnerable to a denial of service attack through a remotely triggered memory exhaustion. CVE-2013-1846 / CVE-2013-1847 / CVE-2013-1849 / CVE-2014-0032 Subversion mod_dav_svn was vulnerable to multiple remotely triggered crashes. This update has been prepared by James McCoy. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 83060
    published 2015-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83060
    title Debian DLA-207-1 : subversion security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3231.NASL
    description Several vulnerabilities were discovered in Subversion, a version control system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-0248 Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. - CVE-2015-0251 Subversion HTTP servers allow spoofing svn:author property values for new revisions via specially crafted v1 HTTP protocol request sequences.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 82930
    published 2015-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82930
    title Debian DSA-3231-1 : subversion - security update
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1633.NASL
    description Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash. (CVE-2015-0248) It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property. (CVE-2015-0251) It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). (CVE-2015-3187) Red Hat would like to thank the Apache Software Foundation for reporting these issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael Pilato of CollabNet as the original reporter of CVE-2015-3187. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85461
    published 2015-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85461
    title CentOS 6 : subversion (CESA-2015:1633)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-289.NASL
    description Apache Subversion was updated to 1.8.13 to fix three vulnerabilities and a number of non-security bugs. This release fixes three vulnerabilities : - Subversion HTTP servers with FSFS repositories were vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. (bsc#923793 CVE-2015-0202) - Subversion mod_dav_svn and svnserve were vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. (bsc#923794 CVE-2015-0248) - Subversion HTTP servers allow spoofing svn:author property values for new revisions (bsc#923795 CVE-2015-0251) Non-security fixes : - fixes number of client and server side non-security bugs - improved working copy performance - reduction of resource use - stability improvements - usability improvements - fix sample configuration comments in subversion.conf [boo#916286] - fix bashisms in mailer-init.sh script
    last seen 2019-02-21
    modified 2015-04-10
    plugin id 82635
    published 2015-04-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82635
    title openSUSE Security Update : subversion (openSUSE-2015-289)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_8E887B71D76911E4B1C220CF30E32F6D.NASL
    description Subversion Project reports : Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests. Subversion mod_dav_svn and svnserve are vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers. Subversion HTTP servers allow spoofing svn:author property values for new revisions.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 82481
    published 2015-04-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82481
    title FreeBSD : subversion -- DoS vulnerabilities (8e887b71-d769-11e4-b1c2-20cf30e32f6d)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-11795.NASL
    description This update includes the latest stable release of **Apache Subversion**, version **1.8.13**. Three security vulnerabilities are fixed in this update : - CVE-2015-0202: https://subversion.apache.org/security/CVE-2015-0202-adv isory.txt - CVE-2015-0248: https://subversion.apache.org/security/CVE-2015-0248-a dvisory.txt - CVE-2015-0251: https://subversion.apache.org/security/CVE-2015-0251-a dvisory.txt In addition, the following changes are included in the Subversion 1.8.13 update : **Client-side bugfixes:** - ra_serf: prevent abort of commits that have already succeeded - ra_serf: support case-insensitivity in HTTP headers - better error message if an external is shadowed - ra_svn: fix reporting of directory read errors - fix a redirect handling bug in 'svn log' over HTTP - properly copy tree conflict information - fix 'svn patch' output for reordered hunks http://subversion.tigris.org/issues/show_bug.cgi?id=45 33 - svnrdump load: don't load wrong props with no-deltas dump http://subversion.tigris.org/issues/show_bug.cgi?id=45 51 - fix working copy corruption with relative file external http://subversion.tigris.org/issues/show_bug.cgi?id=44 11 - don't crash if config file is unreadable - svn resolve: don't ask a question with only one answer - fix assertion failure in svn move - working copy performance improvements - handle existing working copies which become externals - fix recording of WC meta-data for foreign repos copies - fix calculating repository path of replaced directories - fix calculating repository path after commit of switched nodes - svnrdump: don't provide HEAD+1 as base revision for deletes - don't leave conflict markers on files that are moved - avoid unnecessary subtree mergeinfo recording - fix diff of a locally copied directory with props **Server-side bugfixes:** - fsfs: fix a problem verifying pre-1.4 repos used with 1.8 - svnadmin freeze: fix memory allocation error - svnadmin load: tolerate invalid mergeinfo at r0 - svnadmin load: strip references to r1 from mergeinfo http://subversion.tigris.org/issues/show_bug.cgi?id=45 38 - svnsync: strip any r0 references from mergeinfo http://subversion.tigris.org/issues/show_bug.cgi?id=44 76 - fsfs: reduce memory consumption when operating on dag nodes - reject invalid get-location-segments requests in mod_dav_svn and svnserve - mod_dav_svn: reject invalid txnprop change requests **Client-side and server-side bugfixes:** - fix undefined behaviour in string buffer routines - fix consistency issues with APR r/w locks on Windows - fix occasional SEGV if threads load DSOs in parallel - properly duplicate svn error objects - fix use-after-free in config parser Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 85065
    published 2015-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85065
    title Fedora 21 : subversion-1.8.13-7.fc21 (2015-11795)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-192.NASL
    description Multiple vulnerabilities has been discovered and corrected in subversion : Subversion HTTP servers with FSFS repositories are vulnerable to a remotely triggerable excessive memory use with certain REPORT requests (CVE-2015-0202). Subversion mod_dav_svn and svnserve are vulnerable to a remotely triggerable assertion DoS vulnerability for certain requests with dynamically evaluated revision numbers (CVE-2015-0248). Subversion HTTP servers allow spoofing svn:author property values for new revisions (CVE-2015-0251). The updated packages have been upgraded to the 1.7.20 and 1.8.13 versions where these security flaws has been fixed.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 82563
    published 2015-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82563
    title Mandriva Linux Security Advisory : subversion (MDVSA-2015:192)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1633.NASL
    description From Red Hat Security Advisory 2015:1633 : Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash. (CVE-2015-0248) It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property. (CVE-2015-0251) It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). (CVE-2015-3187) Red Hat would like to thank the Apache Software Foundation for reporting these issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael Pilato of CollabNet as the original reporter of CVE-2015-3187. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 85489
    published 2015-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85489
    title Oracle Linux 6 : subversion (ELSA-2015-1633)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150908_SUBVERSION_ON_SL7_X.NASL
    description An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash. (CVE-2015-0248) It was found that the mod_authz_svn module did not properly restrict anonymous access to Subversion repositories under certain configurations when used with Apache httpd 2.4.x. This could allow a user to anonymously access files in a Subversion repository, which should only be accessible to authenticated users. (CVE-2015-3184) It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property. (CVE-2015-0251) It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). (CVE-2015-3187) After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 85867
    published 2015-09-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85867
    title Scientific Linux Security Update : subversion on SL7.x x86_64
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2015-587.NASL
    description The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes. (CVE-2015-0202) An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash. (CVE-2015-0248) It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property. (CVE-2015-0251)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 85632
    published 2015-08-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85632
    title Amazon Linux AMI : subversion / mod_dav_svn (ALAS-2015-587)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1742.NASL
    description From Red Hat Security Advisory 2015:1742 : Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash. (CVE-2015-0248) It was found that the mod_authz_svn module did not properly restrict anonymous access to Subversion repositories under certain configurations when used with Apache httpd 2.4.x. This could allow a user to anonymously access files in a Subversion repository, which should only be accessible to authenticated users. (CVE-2015-3184) It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property. (CVE-2015-0251) It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). (CVE-2015-3187) Red Hat would like to thank the Apache Software Foundation for reporting these issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael Pilato of CollabNet as the original reporter of CVE-2015-3184 and CVE-2015-3187 flaws. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 85865
    published 2015-09-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85865
    title Oracle Linux 7 : subversion (ELSA-2015-1742)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1742.NASL
    description Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash. (CVE-2015-0248) It was found that the mod_authz_svn module did not properly restrict anonymous access to Subversion repositories under certain configurations when used with Apache httpd 2.4.x. This could allow a user to anonymously access files in a Subversion repository, which should only be accessible to authenticated users. (CVE-2015-3184) It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property. (CVE-2015-0251) It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). (CVE-2015-3187) Red Hat would like to thank the Apache Software Foundation for reporting these issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael Pilato of CollabNet as the original reporter of CVE-2015-3184 and CVE-2015-3187 flaws. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85978
    published 2015-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85978
    title RHEL 7 : subversion (RHSA-2015:1742)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150817_SUBVERSION_ON_SL6_X.NASL
    description An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash. (CVE-2015-0248) It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property. (CVE-2015-0251) It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). (CVE-2015-3187) After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 85503
    published 2015-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85503
    title Scientific Linux Security Update : subversion on SL6.x i386/x86_64
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2721-1.NASL
    description It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3580) It was discovered that the Subversion mod_dav_svn module incorrectly handled requests requiring a lookup for a virtual transaction name that does not exist. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8108) Evgeny Kotkov discovered that the Subversion mod_dav_svn module incorrectly handled large numbers of REPORT requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202) Evgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve modules incorrectly certain crafted parameter combinations. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. (CVE-2015-0248) Ivan Zhakov discovered that the Subversion mod_dav_svn module incorrectly handled crafted v1 HTTP protocol request sequences. A remote attacker could use this issue to spoof the svn:author property. (CVE-2015-0251) C. Michael Pilato discovered that the Subversion mod_dav_svn module incorrectly restricted anonymous access. A remote attacker could use this issue to read hidden files via the path name. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184) C. Michael Pilato discovered that Subversion incorrectly handled path-based authorization. A remote attacker could use this issue to obtain sensitive path information. (CVE-2015-3187). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 85579
    published 2015-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85579
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : subversion vulnerabilities (USN-2721-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1742.NASL
    description Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash. (CVE-2015-0248) It was found that the mod_authz_svn module did not properly restrict anonymous access to Subversion repositories under certain configurations when used with Apache httpd 2.4.x. This could allow a user to anonymously access files in a Subversion repository, which should only be accessible to authenticated users. (CVE-2015-3184) It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property. (CVE-2015-0251) It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). (CVE-2015-3187) Red Hat would like to thank the Apache Software Foundation for reporting these issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael Pilato of CollabNet as the original reporter of CVE-2015-3184 and CVE-2015-3187 flaws. All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86510
    published 2015-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86510
    title CentOS 7 : subversion (CESA-2015:1742)
redhat via4
advisories
  • rhsa
    id RHSA-2015:1633
  • rhsa
    id RHSA-2015:1742
rpms
  • mod_dav_svn-0:1.6.11-15.el6_7
  • subversion-0:1.6.11-15.el6_7
  • subversion-devel-0:1.6.11-15.el6_7
  • subversion-gnome-0:1.6.11-15.el6_7
  • subversion-javahl-0:1.6.11-15.el6_7
  • subversion-kde-0:1.6.11-15.el6_7
  • subversion-perl-0:1.6.11-15.el6_7
  • subversion-ruby-0:1.6.11-15.el6_7
  • subversion-svn2cl-0:1.6.11-15.el6_7
  • mod_dav_svn-0:1.7.14-7.el7_1.1
  • subversion-0:1.7.14-7.el7_1.1
  • subversion-devel-0:1.7.14-7.el7_1.1
  • subversion-gnome-0:1.7.14-7.el7_1.1
  • subversion-javahl-0:1.7.14-7.el7_1.1
  • subversion-kde-0:1.7.14-7.el7_1.1
  • subversion-libs-0:1.7.14-7.el7_1.1
  • subversion-perl-0:1.7.14-7.el7_1.1
  • subversion-python-0:1.7.14-7.el7_1.1
  • subversion-ruby-0:1.7.14-7.el7_1.1
  • subversion-tools-0:1.7.14-7.el7_1.1
refmap via4
apple APPLE-SA-2015-09-16-2
bid 74260
confirm
debian DSA-3231
gentoo GLSA-201610-05
mandriva MDVSA-2015:192
sectrack 1033214
suse openSUSE-SU-2015:0672
ubuntu USN-2721-1
Last major update 02-01-2017 - 21:59
Published 08-04-2015 - 14:59
Last modified 30-10-2018 - 12:27
Back to Top