QwikSec

Security Database

CVE

CWE

Training

CVE-2014-0032

Published: Feb 14, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://svn.apache.org/repos/asf/subversion/tags/1.8.6/CHANGES

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_UBUNTU

vdb-entry

x_refsource_OSVDB

vendor-advisory

x_refsource_REDHAT

[subversion-dev] 20140110 2 Re: Segfault in mod_dav_svn with repositories on /

mailing-list

x_refsource_MLIST

http://svn.apache.org/viewvc?view=revision&revision=1557320

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

http://support.apple.com/kb/HT6444

x_refsource_CONFIRM

[subversion-dev] 20140110 Sin mod_dav_svn with repositories on /

mailing-list

x_refsource_MLIST

openSUSE-SU-2014:0307

vendor-advisory

x_refsource_SUSE

third-party-advisory

x_refsource_SECUNIA

[subversion-dev] 20140110 Re: Segfault in mod_dav_svn with repositories on /

mailing-list

x_refsource_MLIST

http://svn.apache.org/repos/asf/subversion/tags/1.7.15/CHANGES

x_refsource_CONFIRM

apache-subversion-cve20140032-dos(90986)

vdb-entry

x_refsource_XF

openSUSE-SU-2014:0334

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_GENTOO

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.