FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

subversion -- DoS vulnerabilities

Affected packages
1.8.0 <= mod_dav_svn < 1.8.11
1.0.0 <= subversion16 < 1.7.19
1.0.0 <= subversion17 < 1.7.19
1.0.0 <= subversion < 1.7.19
1.8.0 <= subversion < 1.8.11

Details

VuXML ID f5561ade-846c-11e4-b7a7-20cf30e32f6d
Discovery 2014-12-13
Entry 2014-12-15

Subversion Project reports:

Subversion's mod_dav_svn Apache HTTPD server module will crash when it receives a REPORT request for some invalidly formatted special URIs.

Subversion's mod_dav_svn Apache HTTPD server module will crash when it receives a request for some invalidly formatted special URIs.

We consider this to be a medium risk vulnerability. Repositories which allow for anonymous reads will be vulnerable without authentication. Unfortunately, no special configuration is required and all mod_dav_svn servers are vulnerable.

References

CVE Name CVE-2014-3580
CVE Name CVE-2014-8108
URL http://subversion.apache.org/security/CVE-2014-3580-advisory.txt
URL http://subversion.apache.org/security/CVE-2014-8108-advisory.txt