5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.007 Low
EPSS
Percentile
80.7%
Subversion team reports:
Subversionβs mod_dav_svn Apache HTTPD server module will
dereference a NULL pointer if asked to deliver baselined WebDAV
resources.
This can lead to a DoS. An exploit has been tested, and tools
or users have been observed triggering this problem in the
wild.
Subversionβs mod_dav_svn Apache HTTPD server module may in
certain scenarios enter a logic loop which does not exit and
which allocates memory in each iteration, ultimately exhausting
all the available memory on the server.
This can lead to a DoS. There are no known instances of this
problem being observed in the wild, but an exploit has been
tested.
Subversionβs mod_dav_svn Apache HTTPD server module may leak to
remote users the file contents of files configured to be
unreadable by those users.
There are no known instances of this problem being observed in
the wild, but an exploit has been tested.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | subversion | <Β 1.6.17 | UNKNOWN |
FreeBSD | any | noarch | subversion-freebsd | <Β 1.6.17 | UNKNOWN |