Lucene search
RedhatCVE-2015-0251HistoryApr 08, 2015 - 6:59 p.m.
CVE-2015-0251
2015-04-0818:59:02
CWE-345
redhat
web.nvd.nist.gov
81
cve-2015-0251
nvd
mod_dav_svn
subversion
spoofing
authenticated users
v1 http protocol
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
AI Score
7.7
Confidence
High
EPSS
0.004
Percentile
74.9%
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.
Affected configurations
Node
apachesubversionMatch1.5.0
ORapachesubversionMatch1.5.1
ORapachesubversionMatch1.5.2
ORapachesubversionMatch1.5.3
ORapachesubversionMatch1.5.4
ORapachesubversionMatch1.5.5
ORapachesubversionMatch1.5.6
ORapachesubversionMatch1.5.7
ORapachesubversionMatch1.5.8
ORapachesubversionMatch1.6.0
ORapachesubversionMatch1.6.1
ORapachesubversionMatch1.6.2
ORapachesubversionMatch1.6.3
ORapachesubversionMatch1.6.4
ORapachesubversionMatch1.6.5
ORapachesubversionMatch1.6.6
ORapachesubversionMatch1.6.7
ORapachesubversionMatch1.6.8
ORapachesubversionMatch1.6.9
ORapachesubversionMatch1.6.10
ORapachesubversionMatch1.6.11
ORapachesubversionMatch1.6.12
ORapachesubversionMatch1.6.13
ORapachesubversionMatch1.6.14
ORapachesubversionMatch1.6.15
ORapachesubversionMatch1.6.16
ORapachesubversionMatch1.6.17
ORapachesubversionMatch1.6.18
ORapachesubversionMatch1.6.19
ORapachesubversionMatch1.6.20
ORapachesubversionMatch1.6.21
ORapachesubversionMatch1.6.23
ORapachesubversionMatch1.7.0
ORapachesubversionMatch1.7.1
ORapachesubversionMatch1.7.2
ORapachesubversionMatch1.7.3
ORapachesubversionMatch1.7.4
ORapachesubversionMatch1.7.5
ORapachesubversionMatch1.7.6
ORapachesubversionMatch1.7.7
ORapachesubversionMatch1.7.8
ORapachesubversionMatch1.7.9
ORapachesubversionMatch1.7.10
ORapachesubversionMatch1.7.11
ORapachesubversionMatch1.7.12
ORapachesubversionMatch1.7.13
ORapachesubversionMatch1.7.14
ORapachesubversionMatch1.7.15
ORapachesubversionMatch1.7.16
ORapachesubversionMatch1.7.17
ORapachesubversionMatch1.7.18
ORapachesubversionMatch1.7.19
ORapachesubversionMatch1.8.0
ORapachesubversionMatch1.8.1
ORapachesubversionMatch1.8.2
ORapachesubversionMatch1.8.3
ORapachesubversionMatch1.8.4
ORapachesubversionMatch1.8.5
ORapachesubversionMatch1.8.6
ORapachesubversionMatch1.8.7
ORapachesubversionMatch1.8.8
ORapachesubversionMatch1.8.9
ORapachesubversionMatch1.8.10
ORapachesubversionMatch1.8.11
Node
opensuseopensuseMatch13.1
ORopensuseopensuseMatch13.2
Node
redhatenterprise_linux_desktopMatch6.0
ORredhatenterprise_linux_hpc_nodeMatch6.0
ORredhatenterprise_linux_serverMatch6.0
ORredhatenterprise_linux_server_eusMatch6.7.z
ORredhatenterprise_linux_workstationMatch6.0
Node
oraclesolarisMatch11.3
Node
applexcodeMatch7.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| apache | subversion | 1.5.0 | cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:* |
| apache | subversion | 1.5.1 | cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:* |
| apache | subversion | 1.5.2 | cpe:2.3:a:apache:subversion:1.5.2:*:*:*:*:*:*:* |
| apache | subversion | 1.5.3 | cpe:2.3:a:apache:subversion:1.5.3:*:*:*:*:*:*:* |
| apache | subversion | 1.5.4 | cpe:2.3:a:apache:subversion:1.5.4:*:*:*:*:*:*:* |
| apache | subversion | 1.5.5 | cpe:2.3:a:apache:subversion:1.5.5:*:*:*:*:*:*:* |
| apache | subversion | 1.5.6 | cpe:2.3:a:apache:subversion:1.5.6:*:*:*:*:*:*:* |
| apache | subversion | 1.5.7 | cpe:2.3:a:apache:subversion:1.5.7:*:*:*:*:*:*:* |
| apache | subversion | 1.5.8 | cpe:2.3:a:apache:subversion:1.5.8:*:*:*:*:*:*:* |
| apache | subversion | 1.6.0 | cpe:2.3:a:apache:subversion:1.6.0:*:*:*:*:*:*:* |
References
lists.apple.com/archives/security-announce/2015/Sep/msg00002.html
lists.opensuse.org/opensuse-updates/2015-04/msg00008.html
rhn.redhat.com/errata/RHSA-2015-1633.html
rhn.redhat.com/errata/RHSA-2015-1742.html
seclists.org/fulldisclosure/2015/Jun/32
subversion.apache.org/security/CVE-2015-0251-advisory.txt
www.debian.org/security/2015/dsa-3231
www.mandriva.com/security/advisories?name=MDVSA-2015:192
www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
www.securityfocus.com/bid/74259
www.securitytracker.com/id/1033214
www.ubuntu.com/usn/USN-2721-1
security.gentoo.org/glsa/201610-05
support.apple.com/HT205217
Related
cvelist
cvelist
CVE-2015-0251
2015-04-08 18:00:00
debiancve
debiancve
CVE-2015-0251
2015-04-08 18:59:02
prion
prion
Design/Logic Flaw
2015-04-08 18:59:00
nvd
nvd
CVE-2015-0251
2015-04-08 18:59:02
ubuntucve
ubuntucve
CVE-2015-0251
2015-04-08 00:00:00
openvas
openvas
Apache Subversion Spoofing Vulnerability (May 2015)
2015-05-06 00:00:00
Debian: Security Advisory (DSA-3231-1)
2015-04-20 00:00:00
Debian Security Advisory DSA 3231-1 (subversion - security update)
2015-04-21 00:00:00
osv
osv
subversion - security update
2015-04-21 00:00:00
subversion - security update
2015-04-24 00:00:00
libsvn_auth_gnome_keyring-1-0-1.9.5-1.1 on GA media
2024-06-15 00:00:00
debian
debian
[SECURITY] [DSA 3231-1] subversion security update
2015-04-21 17:34:36
[SECURITY] [DSA 3231-1] subversion security update
2015-04-21 17:34:36
[SECURITY] [DLA 207-1] subversion security update
2015-04-24 09:40:22
nessus
nessus
Debian DSA-3231-1 : subversion - security update
2015-04-22 00:00:00
Mandriva Linux Security Advisory : subversion (MDVSA-2015:192)
2015-04-03 00:00:00
openSUSE Security Update : subversion (openSUSE-2015-289)
2015-04-08 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: subversion-1.8.13-7.fc21
2015-07-29 01:54:00
redhat
redhat
(RHSA-2015:1633) Moderate: subversion security update
2015-08-17 00:00:00
(RHSA-2015:1742) Moderate: subversion security update
2015-09-08 00:00:00
veracode
veracode
Spoofable Server
2019-05-02 05:17:54
Information Disclosure
2019-05-02 05:17:54
securityvulns
securityvulns
Apache Subversion multiple security vulnerabilities
2015-04-07 00:00:00
[ MDVSA-2015:192 ] subversion
2015-04-07 00:00:00
[USN-2721-1] Subversion vulnerabilities
2015-08-24 00:00:00
mageia
mageia
Updated subversion packages fix security vulnerabilities
2015-05-03 03:19:16
oraclelinux
oraclelinux
subversion security update
2015-08-17 00:00:00
subversion security update
2015-09-08 00:00:00
amazon
amazon
Medium: subversion, mod_dav_svn
2015-08-24 22:27:00
centos
centos
mod_dav_svn, subversion security update
2015-08-17 15:33:54
mod_dav_svn, subversion security update
2015-09-08 21:07:49
f5
f5
freebsd
freebsd
subversion -- DoS vulnerabilities
2015-03-31 00:00:00
ubuntu
ubuntu
Subversion vulnerabilities
2015-08-20 00:00:00
suse
suse
Security update for subversion (important)
2017-08-17 12:10:12
gentoo
gentoo
Subversion, Serf: Multiple Vulnerabilities
2016-10-11 00:00:00
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
AI Score
7.7
Confidence
High
EPSS
0.004
Percentile
74.9%
Related for CVE-2015-0251