FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

subversion -- mod_dav_svn vulnerability

Affected packages
1.3.0 <= subversion < 1.7.16
1.8.0 <= subversion < 1.8.8
1.3.0 <= subversion16 < 1.7.16
1.3.0 <= subversion17 < 1.7.16

Details

VuXML ID 1839f78c-9f2b-11e3-980f-20cf30e32f6d
Discovery 2014-01-10
Entry 2014-02-26
Modified 2014-04-30

Subversion Project reports:

Subversion's mod_dav_svn Apache HTTPD server module will crash when it receives an OPTIONS request against the server root and Subversion is configured to handle the server root and SVNListParentPath is on. This can lead to a DoS. There are no known instances of this problem being exploited in the wild, but the details of how to exploit it have been disclosed on the Subversion development mailing list.

References

URL CVE-2014-0032
URL https://subversion.apache.org/security/CVE-2014-0032-advisory.txt