Lucene search

RedhatCVE-2013-4505

HistoryDec 07, 2013 - 8:55 p.m.

CVE-2013-4505

2013-12-0720:55:02

CWE-264

redhat

web.nvd.nist.gov

apache

subversion

mod_dontdothat

access restrictions

denial of service

cve-2013-4505

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

AI Score

6.5

Confidence

Low

EPSS

0.003

Percentile

68.7%

JSON

The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.

Affected configurations

Nvd

Node

apachemod_dontdothatMatch-

AND

apachesubversionMatch1.4.0

apachesubversionMatch1.4.1

apachesubversionMatch1.4.2

apachesubversionMatch1.4.3

apachesubversionMatch1.4.4

apachesubversionMatch1.4.5

apachesubversionMatch1.4.6

apachesubversionMatch1.5.0

apachesubversionMatch1.5.1

apachesubversionMatch1.5.2

apachesubversionMatch1.5.3

apachesubversionMatch1.5.4

apachesubversionMatch1.5.5

apachesubversionMatch1.5.6

apachesubversionMatch1.5.7

apachesubversionMatch1.5.8

apachesubversionMatch1.6.0

apachesubversionMatch1.6.1

apachesubversionMatch1.6.2

apachesubversionMatch1.6.3

apachesubversionMatch1.6.4

apachesubversionMatch1.6.5

apachesubversionMatch1.6.6

apachesubversionMatch1.6.7

apachesubversionMatch1.6.8

apachesubversionMatch1.6.9

apachesubversionMatch1.6.10

apachesubversionMatch1.6.11

apachesubversionMatch1.6.12

apachesubversionMatch1.6.13

apachesubversionMatch1.6.14

apachesubversionMatch1.6.15

apachesubversionMatch1.6.16

apachesubversionMatch1.6.17

apachesubversionMatch1.6.18

apachesubversionMatch1.6.19

apachesubversionMatch1.6.20

apachesubversionMatch1.6.21

apachesubversionMatch1.6.23

apachesubversionMatch1.7.0

apachesubversionMatch1.7.1

apachesubversionMatch1.7.2

apachesubversionMatch1.7.3

apachesubversionMatch1.7.4

apachesubversionMatch1.7.5

apachesubversionMatch1.7.6

apachesubversionMatch1.7.7

apachesubversionMatch1.7.8

apachesubversionMatch1.7.9

apachesubversionMatch1.7.10

apachesubversionMatch1.7.11

apachesubversionMatch1.7.12

apachesubversionMatch1.8.1

VendorProductVersionCPE
apachemod_dontdothat-cpe:2.3:a:apache:mod_dontdothat:-:*:*:*:*:*:*:*
apachesubversion1.4.0cpe:2.3:a:apache:subversion:1.4.0:*:*:*:*:*:*:*
apachesubversion1.4.1cpe:2.3:a:apache:subversion:1.4.1:*:*:*:*:*:*:*
apachesubversion1.4.2cpe:2.3:a:apache:subversion:1.4.2:*:*:*:*:*:*:*
apachesubversion1.4.3cpe:2.3:a:apache:subversion:1.4.3:*:*:*:*:*:*:*
apachesubversion1.4.4cpe:2.3:a:apache:subversion:1.4.4:*:*:*:*:*:*:*
apachesubversion1.4.5cpe:2.3:a:apache:subversion:1.4.5:*:*:*:*:*:*:*
apachesubversion1.4.6cpe:2.3:a:apache:subversion:1.4.6:*:*:*:*:*:*:*
apachesubversion1.5.0cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:*
apachesubversion1.5.1cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	mod_dontdothat	-	cpe:2.3:a:apache:mod_dontdothat:-:::::::*
apache	subversion	1.4.0	cpe:2.3:a:apache:subversion:1.4.0:::::::*
apache	subversion	1.4.1	cpe:2.3:a:apache:subversion:1.4.1:::::::*
apache	subversion	1.4.2	cpe:2.3:a:apache:subversion:1.4.2:::::::*
apache	subversion	1.4.3	cpe:2.3:a:apache:subversion:1.4.3:::::::*
apache	subversion	1.4.4	cpe:2.3:a:apache:subversion:1.4.4:::::::*
apache	subversion	1.4.5	cpe:2.3:a:apache:subversion:1.4.5:::::::*
apache	subversion	1.4.6	cpe:2.3:a:apache:subversion:1.4.6:::::::*
apache	subversion	1.5.0	cpe:2.3:a:apache:subversion:1.5.0:::::::*
apache	subversion	1.5.1	cpe:2.3:a:apache:subversion:1.5.1:::::::*