var-201504-0064
Vulnerability from variot
The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers. Apache Subversion is prone to multiple denial-of-service vulnerabilities. An attacker may exploit these issues to crash the affected application, resulting in a denial-of-service condition. The system is compatible with the Concurrent Versions System (CVS). A security vulnerability exists in the mod_dav_svn and svnserve servers of Subversion versions 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11.
For the stable distribution (wheezy), these problems have been fixed in version 1.6.17dfsg-4+deb7u9.
For the upcoming stable distribution (jessie), these problems have been fixed in version 1.8.10-6.
For the unstable distribution (sid), these problems have been fixed in version 1.8.10-6. ============================================================================ Ubuntu Security Notice USN-2721-1 August 20, 2015
subversion vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Subversion.
Software Description: - subversion: Advanced version control system
Details:
It was discovered that the Subversion mod_dav_svn module incorrectly handled REPORT requests for a resource that does not exist. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3580)
It was discovered that the Subversion mod_dav_svn module incorrectly handled requests requiring a lookup for a virtual transaction name that does not exist. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-8108)
Evgeny Kotkov discovered that the Subversion mod_dav_svn module incorrectly handled large numbers of REPORT requests. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202)
Evgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve modules incorrectly certain crafted parameter combinations. (CVE-2015-0248)
Ivan Zhakov discovered that the Subversion mod_dav_svn module incorrectly handled crafted v1 HTTP protocol request sequences. (CVE-2015-0251)
C. A remote attacker could use this issue to read hidden files via the path name. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184)
C. Michael Pilato discovered that Subversion incorrectly handled path-based authorization. A remote attacker could use this issue to obtain sensitive path information. (CVE-2015-3187)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.04: libapache2-svn 1.8.10-5ubuntu1.1 libsvn1 1.8.10-5ubuntu1.1 subversion 1.8.10-5ubuntu1.1
Ubuntu 14.04 LTS: libapache2-svn 1.8.8-1ubuntu3.2 libsvn1 1.8.8-1ubuntu3.2 subversion 1.8.8-1ubuntu3.2
Ubuntu 12.04 LTS: libapache2-svn 1.6.17dfsg-3ubuntu3.5 libsvn1 1.6.17dfsg-3ubuntu3.5 subversion 1.6.17dfsg-3ubuntu3.5
In general, a standard system update will make all the necessary changes.
The updated packages have been upgraded to the 1.7.20 and 1.8.13 versions where these security flaws has been fixed. The verification of md5 checksums and GPG signatures is performed automatically for you. 6) - i386, noarch, x86_64
Gentoo Linux Security Advisory GLSA 201610-05
https://security.gentoo.org/
Severity: Normal Title: Subversion, Serf: Multiple Vulnerabilities Date: October 11, 2016 Bugs: #500482, #518716, #519202, #545348, #556076, #567810, #581448, #586046 ID: 201610-05
Synopsis
Multiple vulnerabilities have been found in Subversion and Serf, the worst of which could lead to execution of arbitrary code.
Background
Subversion is a version control system intended to eventually replace CVS. Like CVS, it has an optional client-server architecture (where the server can be an Apache server running mod_svn, or an ssh program as in CVS's :ext: method). In addition to supporting the features found in CVS, Subversion also provides support for moving and copying files and directories.
The serf library is a high performance C-based HTTP client library built upon the Apache Portable Runtime (APR) library.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-vcs/subversion < 1.9.4 >= 1.9.4 *> 1.8.16 2 net-libs/serf < 1.3.7 >= 1.3.7 ------------------------------------------------------------------- 2 affected packages
Description
Multiple vulnerabilities have been discovered in Subversion and Serf. Please review the CVE identifiers referenced below for details
Impact
A remote attacker could possibly execute arbitrary code with the privileges of the process, conduct a man-in-the-middle attack, obtain sensitive information, or cause a Denial of Service Condition.
Workaround
There is no known workaround at this time.
Resolution
All Subversion users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/subversion-1.9.4"
All Serf users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/serf-1.3.7"
References
[ 1 ] CVE-2014-0032 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0032 [ 2 ] CVE-2014-3504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3504 [ 3 ] CVE-2014-3522 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3522 [ 4 ] CVE-2014-3528 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3528 [ 5 ] CVE-2015-0202 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0202 [ 6 ] CVE-2015-0248 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0248 [ 7 ] CVE-2015-0251 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0251 [ 8 ] CVE-2015-3184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3184 [ 9 ] CVE-2015-3187 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3187 [ 10 ] CVE-2015-5259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5259 [ 11 ] CVE-2016-2167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2167 [ 12 ] CVE-2016-2168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2168
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201610-05
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2015-09-16-2 Xcode 7.0
Xcode 7.0 is now available and addresses the following:
DevTools Available for: OS X Yosemite v10.10.4 or later Impact: An attacker may be able to bypass access restrictions Description: An API issue existed in the apache configuration. CVE-ID CVE-2015-3185 : Branko Aibej of the Apache Software Foundation
IDE Xcode Server Available for: OS X Yosemite 10.10 or later Impact: An attacker may be able to access restricted parts of the filesystem Description: A comparison issue existed in the node.js send module prior to version 0.8.4. This issue was addressed by upgrading to version 0.12.3. CVE-ID CVE-2014-6394 : Ilya Kantor
IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilties in OpenSSL Description: Multiple vulnerabilties existed in the node.js OpenSSL module prior to version 1.0.1j. These issues were addressed by updating openssl to version 1.0.1j. CVE-ID CVE-2014-3513 CVE-2014-3566 CVE-2014-3567 CVE-2014-3568
IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: An attacker with a privileged network position may be able to inspect traffic to Xcode Server Description: Connections to Xcode Server may have been made without encryption. This issue was addressed through improved network connection logic. CVE-ID CVE-2015-5910 : an anonymous researcher
IDE Xcode Server Available for: OS X Yosemite v10.10.4 or later Impact: Build notifications may be sent to unintended recipients Description: An access issue existed in the handling of repository email lists. This issue was addressed through improved validation. CVE-ID CVE-2015-5909 : Daniel Tomlinson of Rocket Apps, David Gatwood of Anchorfree
subversion Available for: OS X Yosemite v10.10.4 or later Impact: Multiple vulnerabilities existed in svn versions prior to 1.7.19 Description: Multiple vulnerabilities existed in svn versions prior to 1.7.19. These issues were addressed by updating svn to version 1.7.20. CVE-ID CVE-2015-0248 CVE-2015-0251
Xcode 7.0 may be obtained from: https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "7.0".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJV+axlAAoJEBcWfLTuOo7tzuMQAJhCQaeClT0rDozh+WlKgM6f X86xFeXLJ1gjlPKH183Bvm2gTW0m5kQuoNK1grarMB+rEeb8mPsOczwrIJisxVlr 5zkW/7JktHcsBU5vUa4j4T/CEJjp92VPZ4ub3k3eQOrhinn4E86uKcMxrYoQOAE0 YFMSDaPBFy+LIJ08ROB/AH8fkGJMLRCRAp43IGgzNuxCDx9jzW97m1dh86mR1CxP GdhWRvN7T5YqXyJTw6pZbEHtVXjty8appe2ScvHByCRxa4gZq+/JinHInLjaB4p7 3o58rAWh7lDhcEi3HqkIu0YW6fLslPydCHTI4cH1PCHTuevNjjvK34IqMbD0jG/t tO+vQFhwXpD5chsSB2oP2zLOWAJ7BA5uwvArkJhGKKzQ5DEI0soLBWG7Koe3RitO HokIMyx0r+sf4YD+OP4RVPU9bU4FpayXZnECmHzWmK2vguihbIzjxq+Knvx7aiF9 js1Qn0DxT2puVYdhixtkvYKT7r8XRjI8MPLEwS+tX1Yg1Lqhz2G1MR6mO9iBW56L g5deOuCVc56qeaobuUK0clvdFYtyd5jIXgh0zspZ4ssCbbdCOTZUQaG1mBGkIf3R JgWTX8ny1Fdk9om3dmZVWUCzzqxJR/tm5M7kjGc425ZGaoBRWLga1VIjNz7MEfKS YMBNmqt6weEewNqyDMnX =SGgX -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: subversion security update Advisory ID: RHSA-2015:1742-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1742.html Issue date: 2015-09-08 CVE Names: CVE-2015-0248 CVE-2015-0251 CVE-2015-3184 CVE-2015-3187 =====================================================================
- Summary:
Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A remote attacker could use this flaw to cause the SVN server (both svnserve and httpd with the mod_dav_svn module) to crash. (CVE-2015-0248)
It was found that the mod_authz_svn module did not properly restrict anonymous access to Subversion repositories under certain configurations when used with Apache httpd 2.4.x. This could allow a user to anonymously access files in a Subversion repository, which should only be accessible to authenticated users. (CVE-2015-3184)
It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property. (CVE-2015-0251)
It was found that when an SVN server (both svnserve and httpd with the mod_dav_svn module) searched the history of a file or a directory, it would disclose its location in the repository if that file or directory was not readable (for example, if it had been moved). (CVE-2015-3187)
Red Hat would like to thank the Apache Software Foundation for reporting these issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael Pilato of CollabNet as the original reporter of CVE-2015-3184 and CVE-2015-3187 flaws.
All subversion users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, for the update to take effect, you must restart the httpd daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are serving Subversion repositories via the svn:// protocol.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source: subversion-1.7.14-7.el7_1.1.src.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm subversion-1.7.14-7.el7_1.1.i686.rpm subversion-1.7.14-7.el7_1.1.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-devel-1.7.14-7.el7_1.1.i686.rpm subversion-devel-1.7.14-7.el7_1.1.x86_64.rpm subversion-gnome-1.7.14-7.el7_1.1.i686.rpm subversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm subversion-javahl-1.7.14-7.el7_1.1.i686.rpm subversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm subversion-kde-1.7.14-7.el7_1.1.i686.rpm subversion-kde-1.7.14-7.el7_1.1.x86_64.rpm subversion-libs-1.7.14-7.el7_1.1.i686.rpm subversion-libs-1.7.14-7.el7_1.1.x86_64.rpm subversion-perl-1.7.14-7.el7_1.1.i686.rpm subversion-perl-1.7.14-7.el7_1.1.x86_64.rpm subversion-python-1.7.14-7.el7_1.1.x86_64.rpm subversion-ruby-1.7.14-7.el7_1.1.i686.rpm subversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm subversion-tools-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: subversion-1.7.14-7.el7_1.1.src.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm subversion-1.7.14-7.el7_1.1.i686.rpm subversion-1.7.14-7.el7_1.1.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-devel-1.7.14-7.el7_1.1.i686.rpm subversion-devel-1.7.14-7.el7_1.1.x86_64.rpm subversion-gnome-1.7.14-7.el7_1.1.i686.rpm subversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm subversion-javahl-1.7.14-7.el7_1.1.i686.rpm subversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm subversion-kde-1.7.14-7.el7_1.1.i686.rpm subversion-kde-1.7.14-7.el7_1.1.x86_64.rpm subversion-libs-1.7.14-7.el7_1.1.i686.rpm subversion-libs-1.7.14-7.el7_1.1.x86_64.rpm subversion-perl-1.7.14-7.el7_1.1.i686.rpm subversion-perl-1.7.14-7.el7_1.1.x86_64.rpm subversion-python-1.7.14-7.el7_1.1.x86_64.rpm subversion-ruby-1.7.14-7.el7_1.1.i686.rpm subversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm subversion-tools-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: subversion-1.7.14-7.el7_1.1.src.rpm
ppc64: mod_dav_svn-1.7.14-7.el7_1.1.ppc64.rpm subversion-1.7.14-7.el7_1.1.ppc64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.ppc.rpm subversion-debuginfo-1.7.14-7.el7_1.1.ppc64.rpm subversion-libs-1.7.14-7.el7_1.1.ppc.rpm subversion-libs-1.7.14-7.el7_1.1.ppc64.rpm
s390x: mod_dav_svn-1.7.14-7.el7_1.1.s390x.rpm subversion-1.7.14-7.el7_1.1.s390x.rpm subversion-debuginfo-1.7.14-7.el7_1.1.s390.rpm subversion-debuginfo-1.7.14-7.el7_1.1.s390x.rpm subversion-libs-1.7.14-7.el7_1.1.s390.rpm subversion-libs-1.7.14-7.el7_1.1.s390x.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm subversion-1.7.14-7.el7_1.1.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-libs-1.7.14-7.el7_1.1.i686.rpm subversion-libs-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: subversion-1.7.14-7.ael7b_1.1.src.rpm
ppc64le: mod_dav_svn-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-debuginfo-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-libs-1.7.14-7.ael7b_1.1.ppc64le.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: subversion-1.7.14-7.el7_1.1.ppc.rpm subversion-debuginfo-1.7.14-7.el7_1.1.ppc.rpm subversion-debuginfo-1.7.14-7.el7_1.1.ppc64.rpm subversion-devel-1.7.14-7.el7_1.1.ppc.rpm subversion-devel-1.7.14-7.el7_1.1.ppc64.rpm subversion-gnome-1.7.14-7.el7_1.1.ppc.rpm subversion-gnome-1.7.14-7.el7_1.1.ppc64.rpm subversion-javahl-1.7.14-7.el7_1.1.ppc.rpm subversion-javahl-1.7.14-7.el7_1.1.ppc64.rpm subversion-kde-1.7.14-7.el7_1.1.ppc.rpm subversion-kde-1.7.14-7.el7_1.1.ppc64.rpm subversion-perl-1.7.14-7.el7_1.1.ppc.rpm subversion-perl-1.7.14-7.el7_1.1.ppc64.rpm subversion-python-1.7.14-7.el7_1.1.ppc64.rpm subversion-ruby-1.7.14-7.el7_1.1.ppc.rpm subversion-ruby-1.7.14-7.el7_1.1.ppc64.rpm subversion-tools-1.7.14-7.el7_1.1.ppc64.rpm
s390x: subversion-1.7.14-7.el7_1.1.s390.rpm subversion-debuginfo-1.7.14-7.el7_1.1.s390.rpm subversion-debuginfo-1.7.14-7.el7_1.1.s390x.rpm subversion-devel-1.7.14-7.el7_1.1.s390.rpm subversion-devel-1.7.14-7.el7_1.1.s390x.rpm subversion-gnome-1.7.14-7.el7_1.1.s390.rpm subversion-gnome-1.7.14-7.el7_1.1.s390x.rpm subversion-javahl-1.7.14-7.el7_1.1.s390.rpm subversion-javahl-1.7.14-7.el7_1.1.s390x.rpm subversion-kde-1.7.14-7.el7_1.1.s390.rpm subversion-kde-1.7.14-7.el7_1.1.s390x.rpm subversion-perl-1.7.14-7.el7_1.1.s390.rpm subversion-perl-1.7.14-7.el7_1.1.s390x.rpm subversion-python-1.7.14-7.el7_1.1.s390x.rpm subversion-ruby-1.7.14-7.el7_1.1.s390.rpm subversion-ruby-1.7.14-7.el7_1.1.s390x.rpm subversion-tools-1.7.14-7.el7_1.1.s390x.rpm
x86_64: subversion-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-devel-1.7.14-7.el7_1.1.i686.rpm subversion-devel-1.7.14-7.el7_1.1.x86_64.rpm subversion-gnome-1.7.14-7.el7_1.1.i686.rpm subversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm subversion-javahl-1.7.14-7.el7_1.1.i686.rpm subversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm subversion-kde-1.7.14-7.el7_1.1.i686.rpm subversion-kde-1.7.14-7.el7_1.1.x86_64.rpm subversion-perl-1.7.14-7.el7_1.1.i686.rpm subversion-perl-1.7.14-7.el7_1.1.x86_64.rpm subversion-python-1.7.14-7.el7_1.1.x86_64.rpm subversion-ruby-1.7.14-7.el7_1.1.i686.rpm subversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm subversion-tools-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64le: subversion-debuginfo-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-devel-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-gnome-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-javahl-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-kde-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-perl-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-python-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-ruby-1.7.14-7.ael7b_1.1.ppc64le.rpm subversion-tools-1.7.14-7.ael7b_1.1.ppc64le.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: subversion-1.7.14-7.el7_1.1.src.rpm
x86_64: mod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm subversion-1.7.14-7.el7_1.1.x86_64.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-libs-1.7.14-7.el7_1.1.i686.rpm subversion-libs-1.7.14-7.el7_1.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: subversion-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm subversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm subversion-devel-1.7.14-7.el7_1.1.i686.rpm subversion-devel-1.7.14-7.el7_1.1.x86_64.rpm subversion-gnome-1.7.14-7.el7_1.1.i686.rpm subversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm subversion-javahl-1.7.14-7.el7_1.1.i686.rpm subversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm subversion-kde-1.7.14-7.el7_1.1.i686.rpm subversion-kde-1.7.14-7.el7_1.1.x86_64.rpm subversion-perl-1.7.14-7.el7_1.1.i686.rpm subversion-perl-1.7.14-7.el7_1.1.x86_64.rpm subversion-python-1.7.14-7.el7_1.1.x86_64.rpm subversion-ruby-1.7.14-7.el7_1.1.i686.rpm subversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm subversion-tools-1.7.14-7.el7_1.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2015-0248 https://access.redhat.com/security/cve/CVE-2015-0251 https://access.redhat.com/security/cve/CVE-2015-3184 https://access.redhat.com/security/cve/CVE-2015-3187 https://access.redhat.com/security/updates/classification/#moderate https://subversion.apache.org/security/CVE-2015-0248-advisory.txt https://subversion.apache.org/security/CVE-2015-3184-advisory.txt https://subversion.apache.org/security/CVE-2015-0251-advisory.txt https://subversion.apache.org/security/CVE-2015-3187-advisory.txt
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFV7t6+XlSAg2UNWIIRAivqAKCtV0lnW3RGFsCNsKIU9lBHeBk4UQCdE8/b KVJwbobNcmPzKule+9U7RnM= =F2J4 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201504-0064",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.6.14"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.6.13"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.6.12"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.6.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.6.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.6.17"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.6.16"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.6.15"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.6.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "1.6.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.19"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.18"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.17"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.16"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.11"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.10"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.23"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.21"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.20"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.19"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.18"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.8.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.6"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.5"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.2"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.15"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.14"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.13"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.7.12"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.9"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.6.4"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.2"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.8.0"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.7.z"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "subversion",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "1.7.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "7.0"
},
{
"model": "solaris",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.6.0 to 1.7.19"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.8.0 to 1.8.11"
},
{
"model": "xcode",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "7.0 (os x yosemite v10.10.4 or later )"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "15.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "7"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.4.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "6.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "5.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.1.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.0.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.5"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.3"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.2"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.1"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "2.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.10.4"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.8"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.7"
},
{
"model": "subversion",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.6.22"
},
{
"model": "xcode",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "7.0"
},
{
"model": "subversion",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.8.13"
},
{
"model": "subversion",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.7.20"
}
],
"sources": [
{
"db": "BID",
"id": "74260"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002129"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-099"
},
{
"db": "NVD",
"id": "CVE-2015-0248"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:subversion",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apple:xcode",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002129"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JPCERT/CC notified CISA of these vulnerabilities.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-099"
}
],
"trust": 0.6
},
"cve": "CVE-2015-0248",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-0248",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-78194",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-0248",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-0248",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201504-099",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-78194",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-0248",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78194"
},
{
"db": "VULMON",
"id": "CVE-2015-0248"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002129"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-099"
},
{
"db": "NVD",
"id": "CVE-2015-0248"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers. Apache Subversion is prone to multiple denial-of-service vulnerabilities. \nAn attacker may exploit these issues to crash the affected application, resulting in a denial-of-service condition. The system is compatible with the Concurrent Versions System (CVS). A security vulnerability exists in the mod_dav_svn and svnserve servers of Subversion versions 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.6.17dfsg-4+deb7u9. \n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 1.8.10-6. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.8.10-6. ============================================================================\nUbuntu Security Notice USN-2721-1\nAugust 20, 2015\n\nsubversion vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Subversion. \n\nSoftware Description:\n- subversion: Advanced version control system\n\nDetails:\n\nIt was discovered that the Subversion mod_dav_svn module incorrectly\nhandled REPORT requests for a resource that does not exist. This issue only affected Ubuntu 12.04 LTS and Ubuntu\n14.04 LTS. (CVE-2014-3580)\n\nIt was discovered that the Subversion mod_dav_svn module incorrectly\nhandled requests requiring a lookup for a virtual transaction name that\ndoes not exist. This issue only affected Ubuntu\n14.04 LTS. (CVE-2014-8108)\n\nEvgeny Kotkov discovered that the Subversion mod_dav_svn module incorrectly\nhandled large numbers of REPORT requests. This\nissue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-0202)\n\nEvgeny Kotkov discovered that the Subversion mod_dav_svn and svnserve\nmodules incorrectly certain crafted parameter combinations. (CVE-2015-0248)\n\nIvan Zhakov discovered that the Subversion mod_dav_svn module incorrectly\nhandled crafted v1 HTTP protocol request sequences. (CVE-2015-0251)\n\nC. A remote attacker could use this\nissue to read hidden files via the path name. This issue only affected\nUbuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3184)\n\nC. Michael Pilato discovered that Subversion incorrectly handled path-based\nauthorization. A remote attacker could use this issue to obtain sensitive\npath information. (CVE-2015-3187)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n libapache2-svn 1.8.10-5ubuntu1.1\n libsvn1 1.8.10-5ubuntu1.1\n subversion 1.8.10-5ubuntu1.1\n\nUbuntu 14.04 LTS:\n libapache2-svn 1.8.8-1ubuntu3.2\n libsvn1 1.8.8-1ubuntu3.2\n subversion 1.8.8-1ubuntu3.2\n\nUbuntu 12.04 LTS:\n libapache2-svn 1.6.17dfsg-3ubuntu3.5\n libsvn1 1.6.17dfsg-3ubuntu3.5\n subversion 1.6.17dfsg-3ubuntu3.5\n\nIn general, a standard system update will make all the necessary changes. \n \n The updated packages have been upgraded to the 1.7.20 and 1.8.13\n versions where these security flaws has been fixed. The verification\n of md5 checksums and GPG signatures is performed automatically for you. 6) - i386, noarch, x86_64\n\n3. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201610-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Subversion, Serf: Multiple Vulnerabilities\n Date: October 11, 2016\n Bugs: #500482, #518716, #519202, #545348, #556076, #567810,\n #581448, #586046\n ID: 201610-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Subversion and Serf, the\nworst of which could lead to execution of arbitrary code. \n\nBackground\n==========\n\nSubversion is a version control system intended to eventually replace\nCVS. Like CVS, it has an optional client-server architecture (where the\nserver can be an Apache server running mod_svn, or an ssh program as in\nCVS\u0027s :ext: method). In addition to supporting the features found in\nCVS, Subversion also provides support for moving and copying files and\ndirectories. \n\nThe serf library is a high performance C-based HTTP client library\nbuilt upon the Apache Portable Runtime (APR) library. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-vcs/subversion \u003c 1.9.4 \u003e= 1.9.4\n *\u003e 1.8.16\n 2 net-libs/serf \u003c 1.3.7 \u003e= 1.3.7\n -------------------------------------------------------------------\n 2 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Subversion and Serf. \nPlease review the CVE identifiers referenced below for details\n\nImpact\n======\n\nA remote attacker could possibly execute arbitrary code with the\nprivileges of the process, conduct a man-in-the-middle attack, obtain\nsensitive information, or cause a Denial of Service Condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Subversion users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-vcs/subversion-1.9.4\"\n\nAll Serf users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-libs/serf-1.3.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2014-0032\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0032\n[ 2 ] CVE-2014-3504\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3504\n[ 3 ] CVE-2014-3522\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3522\n[ 4 ] CVE-2014-3528\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3528\n[ 5 ] CVE-2015-0202\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0202\n[ 6 ] CVE-2015-0248\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0248\n[ 7 ] CVE-2015-0251\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0251\n[ 8 ] CVE-2015-3184\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3184\n[ 9 ] CVE-2015-3187\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3187\n[ 10 ] CVE-2015-5259\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5259\n[ 11 ] CVE-2016-2167\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2167\n[ 12 ] CVE-2016-2168\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2168\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201610-05\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2016 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-09-16-2 Xcode 7.0\n\nXcode 7.0 is now available and addresses the following:\n\nDevTools\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: An attacker may be able to bypass access restrictions\nDescription: An API issue existed in the apache configuration. \nCVE-ID\nCVE-2015-3185 : Branko Aibej of the Apache Software Foundation\n\nIDE Xcode Server\nAvailable for: OS X Yosemite 10.10 or later\nImpact: An attacker may be able to access restricted parts of the\nfilesystem\nDescription: A comparison issue existed in the node.js send module\nprior to version 0.8.4. This issue was addressed by upgrading to\nversion 0.12.3. \nCVE-ID\nCVE-2014-6394 : Ilya Kantor\n\nIDE Xcode Server\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Multiple vulnerabilties in OpenSSL\nDescription: Multiple vulnerabilties existed in the node.js OpenSSL\nmodule prior to version 1.0.1j. These issues were addressed by\nupdating openssl to version 1.0.1j. \nCVE-ID\nCVE-2014-3513\nCVE-2014-3566\nCVE-2014-3567\nCVE-2014-3568\n\nIDE Xcode Server\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: An attacker with a privileged network position may be able\nto inspect traffic to Xcode Server\nDescription: Connections to Xcode Server may have been made without\nencryption. This issue was addressed through improved network\nconnection logic. \nCVE-ID\nCVE-2015-5910 : an anonymous researcher\n\nIDE Xcode Server\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Build notifications may be sent to unintended recipients\nDescription: An access issue existed in the handling of repository\nemail lists. This issue was addressed through improved validation. \nCVE-ID\nCVE-2015-5909 : Daniel Tomlinson of Rocket Apps, David Gatwood of\nAnchorfree\n\nsubversion\nAvailable for: OS X Yosemite v10.10.4 or later\nImpact: Multiple vulnerabilities existed in svn versions prior to\n1.7.19\nDescription: Multiple vulnerabilities existed in svn versions prior\nto 1.7.19. These issues were addressed by updating svn to version\n1.7.20. \nCVE-ID\nCVE-2015-0248\nCVE-2015-0251\n\n\nXcode 7.0 may be obtained from:\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"7.0\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBCAAGBQJV+axlAAoJEBcWfLTuOo7tzuMQAJhCQaeClT0rDozh+WlKgM6f\nX86xFeXLJ1gjlPKH183Bvm2gTW0m5kQuoNK1grarMB+rEeb8mPsOczwrIJisxVlr\n5zkW/7JktHcsBU5vUa4j4T/CEJjp92VPZ4ub3k3eQOrhinn4E86uKcMxrYoQOAE0\nYFMSDaPBFy+LIJ08ROB/AH8fkGJMLRCRAp43IGgzNuxCDx9jzW97m1dh86mR1CxP\nGdhWRvN7T5YqXyJTw6pZbEHtVXjty8appe2ScvHByCRxa4gZq+/JinHInLjaB4p7\n3o58rAWh7lDhcEi3HqkIu0YW6fLslPydCHTI4cH1PCHTuevNjjvK34IqMbD0jG/t\ntO+vQFhwXpD5chsSB2oP2zLOWAJ7BA5uwvArkJhGKKzQ5DEI0soLBWG7Koe3RitO\nHokIMyx0r+sf4YD+OP4RVPU9bU4FpayXZnECmHzWmK2vguihbIzjxq+Knvx7aiF9\njs1Qn0DxT2puVYdhixtkvYKT7r8XRjI8MPLEwS+tX1Yg1Lqhz2G1MR6mO9iBW56L\ng5deOuCVc56qeaobuUK0clvdFYtyd5jIXgh0zspZ4ssCbbdCOTZUQaG1mBGkIf3R\nJgWTX8ny1Fdk9om3dmZVWUCzzqxJR/tm5M7kjGc425ZGaoBRWLga1VIjNz7MEfKS\nYMBNmqt6weEewNqyDMnX\n=SGgX\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: subversion security update\nAdvisory ID: RHSA-2015:1742-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2015-1742.html\nIssue date: 2015-09-08\nCVE Names: CVE-2015-0248 CVE-2015-0251 CVE-2015-3184 \n CVE-2015-3187 \n=====================================================================\n\n1. Summary:\n\nUpdated subversion packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nSubversion (SVN) is a concurrent version control system which enables one\nor more users to collaborate in developing and maintaining a hierarchy of\nfiles and directories while keeping a history of all changes. The\nmod_dav_svn module is used with the Apache HTTP Server to allow access\nto Subversion repositories via HTTP. A remote\nattacker could use this flaw to cause the SVN server (both svnserve and\nhttpd with the mod_dav_svn module) to crash. (CVE-2015-0248)\n\nIt was found that the mod_authz_svn module did not properly restrict\nanonymous access to Subversion repositories under certain configurations\nwhen used with Apache httpd 2.4.x. This could allow a user to anonymously\naccess files in a Subversion repository, which should only be accessible to\nauthenticated users. (CVE-2015-3184)\n\nIt was found that the mod_dav_svn module did not properly validate the\nsvn:author property of certain requests. An attacker able to create new\nrevisions could use this flaw to spoof the svn:author property. \n(CVE-2015-0251)\n\nIt was found that when an SVN server (both svnserve and httpd with the\nmod_dav_svn module) searched the history of a file or a directory, it would\ndisclose its location in the repository if that file or directory was not\nreadable (for example, if it had been moved). (CVE-2015-3187)\n\nRed Hat would like to thank the Apache Software Foundation for reporting\nthese issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the\noriginal reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael\nPilato of CollabNet as the original reporter of CVE-2015-3184 and\nCVE-2015-3187 flaws. \n\nAll subversion users should upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing the\nupdated packages, for the update to take effect, you must restart the httpd\ndaemon, if you are using mod_dav_svn, and the svnserve daemon, if you are\nserving Subversion repositories via the svn:// protocol. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_1.1.src.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-1.7.14-7.el7_1.1.i686.rpm\nsubversion-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_1.1.i686.rpm\nsubversion-devel-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.i686.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_1.1.i686.rpm\nsubversion-kde-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_1.1.i686.rpm\nsubversion-libs-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-perl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-python-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.i686.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_1.1.src.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-1.7.14-7.el7_1.1.i686.rpm\nsubversion-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_1.1.i686.rpm\nsubversion-devel-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.i686.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_1.1.i686.rpm\nsubversion-kde-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_1.1.i686.rpm\nsubversion-libs-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-perl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-python-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.i686.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_1.1.src.rpm\n\nppc64:\nmod_dav_svn-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-libs-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-libs-1.7.14-7.el7_1.1.ppc64.rpm\n\ns390x:\nmod_dav_svn-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.s390.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-libs-1.7.14-7.el7_1.1.s390.rpm\nsubversion-libs-1.7.14-7.el7_1.1.s390x.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_1.1.i686.rpm\nsubversion-libs-1.7.14-7.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nsubversion-1.7.14-7.ael7b_1.1.src.rpm\n\nppc64le:\nmod_dav_svn-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-debuginfo-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-libs-1.7.14-7.ael7b_1.1.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nsubversion-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-devel-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-devel-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-kde-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-kde-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-perl-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-perl-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-python-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.ppc.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.ppc64.rpm\nsubversion-tools-1.7.14-7.el7_1.1.ppc64.rpm\n\ns390x:\nsubversion-1.7.14-7.el7_1.1.s390.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.s390.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-devel-1.7.14-7.el7_1.1.s390.rpm\nsubversion-devel-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.s390.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.s390.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-kde-1.7.14-7.el7_1.1.s390.rpm\nsubversion-kde-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-perl-1.7.14-7.el7_1.1.s390.rpm\nsubversion-perl-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-python-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.s390.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.s390x.rpm\nsubversion-tools-1.7.14-7.el7_1.1.s390x.rpm\n\nx86_64:\nsubversion-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_1.1.i686.rpm\nsubversion-devel-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.i686.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_1.1.i686.rpm\nsubversion-kde-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-perl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-python-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.i686.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64le:\nsubversion-debuginfo-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-devel-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-gnome-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-javahl-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-kde-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-perl-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-python-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-ruby-1.7.14-7.ael7b_1.1.ppc64le.rpm\nsubversion-tools-1.7.14-7.ael7b_1.1.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nsubversion-1.7.14-7.el7_1.1.src.rpm\n\nx86_64:\nmod_dav_svn-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-libs-1.7.14-7.el7_1.1.i686.rpm\nsubversion-libs-1.7.14-7.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nsubversion-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.i686.rpm\nsubversion-debuginfo-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-devel-1.7.14-7.el7_1.1.i686.rpm\nsubversion-devel-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.i686.rpm\nsubversion-gnome-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-javahl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-kde-1.7.14-7.el7_1.1.i686.rpm\nsubversion-kde-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-perl-1.7.14-7.el7_1.1.i686.rpm\nsubversion-perl-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-python-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.i686.rpm\nsubversion-ruby-1.7.14-7.el7_1.1.x86_64.rpm\nsubversion-tools-1.7.14-7.el7_1.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2015-0248\nhttps://access.redhat.com/security/cve/CVE-2015-0251\nhttps://access.redhat.com/security/cve/CVE-2015-3184\nhttps://access.redhat.com/security/cve/CVE-2015-3187\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://subversion.apache.org/security/CVE-2015-0248-advisory.txt\nhttps://subversion.apache.org/security/CVE-2015-3184-advisory.txt\nhttps://subversion.apache.org/security/CVE-2015-0251-advisory.txt\nhttps://subversion.apache.org/security/CVE-2015-3187-advisory.txt\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFV7t6+XlSAg2UNWIIRAivqAKCtV0lnW3RGFsCNsKIU9lBHeBk4UQCdE8/b\nKVJwbobNcmPzKule+9U7RnM=\n=F2J4\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0248"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002129"
},
{
"db": "BID",
"id": "74260"
},
{
"db": "VULHUB",
"id": "VHN-78194"
},
{
"db": "VULMON",
"id": "CVE-2015-0248"
},
{
"db": "PACKETSTORM",
"id": "131562"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "131276"
},
{
"db": "PACKETSTORM",
"id": "133096"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "133617"
},
{
"db": "PACKETSTORM",
"id": "133473"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0248",
"trust": 3.6
},
{
"db": "BID",
"id": "74260",
"trust": 1.5
},
{
"db": "SECTRACK",
"id": "1033214",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU99970459",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002129",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201504-099",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-123-01",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050403",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "133473",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "131562",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "133096",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-78194",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-0248",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133236",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131276",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139060",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "133617",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78194"
},
{
"db": "VULMON",
"id": "CVE-2015-0248"
},
{
"db": "BID",
"id": "74260"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002129"
},
{
"db": "PACKETSTORM",
"id": "131562"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "131276"
},
{
"db": "PACKETSTORM",
"id": "133096"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "133617"
},
{
"db": "PACKETSTORM",
"id": "133473"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-099"
},
{
"db": "NVD",
"id": "CVE-2015-0248"
}
]
},
"id": "VAR-201504-0064",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-78194"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-29T19:35:45.691000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APPLE-SA-2015-09-16-2 Xcode 7.0",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
},
{
"title": "HT205217",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT205217"
},
{
"title": "HT205217",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT205217"
},
{
"title": "Oracle Solaris Third Party Bulletin - October 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"title": "RHSA-2015:1633",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2015-1633.html"
},
{
"title": "CVE-2015-0248-advisory",
"trust": 0.8,
"url": "http://subversion.apache.org/security/CVE-2015-0248-advisory.txt"
},
{
"title": "subversion-1.7.20",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54876"
},
{
"title": "subversion-1.8.13",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54880"
},
{
"title": "subversion-1.8.13",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54879"
},
{
"title": "subversion-1.7.20",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54878"
},
{
"title": "subversion-1.7.20",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54877"
},
{
"title": "subversion-1.8.13",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54881"
},
{
"title": "Debian Security Advisories: DSA-3231-1 subversion -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=9dd5c0c7b53a0f19f49a9b42677637fd"
},
{
"title": "Red Hat: CVE-2015-0248",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-0248"
},
{
"title": "Amazon Linux AMI: ALAS-2015-587",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-587"
},
{
"title": "Apple: Xcode 7.0",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=768a45894d5a25fbf47fbec8f017a52b"
},
{
"title": "Ubuntu Security Notice: subversion vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2721-1"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=92308e3c4d305e91c2eba8c9c6835e83"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-0248"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002129"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-099"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78194"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002129"
},
{
"db": "NVD",
"id": "CVE-2015-0248"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://subversion.apache.org/security/cve-2015-0248-advisory.txt"
},
{
"trust": 1.6,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1742.html"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/74260"
},
{
"trust": 1.3,
"url": "https://security.gentoo.org/glsa/201610-05"
},
{
"trust": 1.3,
"url": "http://rhn.redhat.com/errata/rhsa-2015-1633.html"
},
{
"trust": 1.3,
"url": "http://www.ubuntu.com/usn/usn-2721-1"
},
{
"trust": 1.2,
"url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00002.html"
},
{
"trust": 1.2,
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"trust": 1.2,
"url": "https://support.apple.com/ht205217"
},
{
"trust": 1.2,
"url": "http://www.debian.org/security/2015/dsa-3231"
},
{
"trust": 1.2,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:192"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1033214"
},
{
"trust": 1.2,
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00008.html"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0248"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99970459/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0248"
},
{
"trust": 0.8,
"url": "http://www.mandriva.com/en/support/security/advisories/advisory/mdvsa-2015:192/?name=mdvsa-2015:192"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0248"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0251"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050403"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-123-01"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3187"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-0248"
},
{
"trust": 0.3,
"url": "http://subversion.apache.org/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3184"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0202"
},
{
"trust": 0.3,
"url": "http://subversion.apache.org/security/cve-2015-0251-advisory.txt"
},
{
"trust": 0.2,
"url": "http://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-0251"
},
{
"trust": 0.2,
"url": "https://subversion.apache.org/security/cve-2015-3187-advisory.txt"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2015-3187"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/399.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/./dsa-3231"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2721-1/"
},
{
"trust": 0.1,
"url": "http://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.6.17dfsg-3ubuntu3.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-8108"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3580"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.8.8-1ubuntu3.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/subversion/1.8.10-5ubuntu1.1"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://subversion.apache.org/security/cve-2015-0202-advisory.txt"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0202"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0251"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3187"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5259"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3528"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3504"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2168"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2168"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-2167"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2167"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0248"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3184"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3504"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3522"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5259"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0251"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-0202"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3522"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3528"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5910"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3185"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3568"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-6394"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5909"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566"
},
{
"trust": 0.1,
"url": "https://subversion.apache.org/security/cve-2015-3184-advisory.txt"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2015-3184"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78194"
},
{
"db": "VULMON",
"id": "CVE-2015-0248"
},
{
"db": "BID",
"id": "74260"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002129"
},
{
"db": "PACKETSTORM",
"id": "131562"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "131276"
},
{
"db": "PACKETSTORM",
"id": "133096"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "133617"
},
{
"db": "PACKETSTORM",
"id": "133473"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-099"
},
{
"db": "NVD",
"id": "CVE-2015-0248"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-78194"
},
{
"db": "VULMON",
"id": "CVE-2015-0248"
},
{
"db": "BID",
"id": "74260"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002129"
},
{
"db": "PACKETSTORM",
"id": "131562"
},
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "131276"
},
{
"db": "PACKETSTORM",
"id": "133096"
},
{
"db": "PACKETSTORM",
"id": "139060"
},
{
"db": "PACKETSTORM",
"id": "133617"
},
{
"db": "PACKETSTORM",
"id": "133473"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-099"
},
{
"db": "NVD",
"id": "CVE-2015-0248"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-08T00:00:00",
"db": "VULHUB",
"id": "VHN-78194"
},
{
"date": "2015-04-08T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0248"
},
{
"date": "2015-04-13T00:00:00",
"db": "BID",
"id": "74260"
},
{
"date": "2015-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002129"
},
{
"date": "2015-04-22T00:38:50",
"db": "PACKETSTORM",
"id": "131562"
},
{
"date": "2015-08-21T16:59:18",
"db": "PACKETSTORM",
"id": "133236"
},
{
"date": "2015-04-03T15:47:42",
"db": "PACKETSTORM",
"id": "131276"
},
{
"date": "2015-08-17T15:40:41",
"db": "PACKETSTORM",
"id": "133096"
},
{
"date": "2016-10-12T04:50:20",
"db": "PACKETSTORM",
"id": "139060"
},
{
"date": "2015-09-19T15:31:48",
"db": "PACKETSTORM",
"id": "133617"
},
{
"date": "2015-09-08T15:47:21",
"db": "PACKETSTORM",
"id": "133473"
},
{
"date": "2015-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-099"
},
{
"date": "2015-04-08T18:59:01.827000",
"db": "NVD",
"id": "CVE-2015-0248"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-78194"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0248"
},
{
"date": "2016-10-26T01:16:00",
"db": "BID",
"id": "74260"
},
{
"date": "2015-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002129"
},
{
"date": "2022-05-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201504-099"
},
{
"date": "2024-11-21T02:22:38.860000",
"db": "NVD",
"id": "CVE-2015-0248"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "133236"
},
{
"db": "PACKETSTORM",
"id": "133096"
},
{
"db": "PACKETSTORM",
"id": "133473"
},
{
"db": "CNNVD",
"id": "CNNVD-201504-099"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Subversion of mod_dav_svn and svnserve Service disruption at the server (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002129"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201504-099"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.