CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P
AI Score
Confidence
Low
EPSS
Percentile
68.7%
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.
Vendor | Product | Version | CPE |
---|---|---|---|
apache | mod_dontdothat | - | cpe:2.3:a:apache:mod_dontdothat:-:*:*:*:*:*:*:* |
apache | subversion | 1.4.0 | cpe:2.3:a:apache:subversion:1.4.0:*:*:*:*:*:*:* |
apache | subversion | 1.4.1 | cpe:2.3:a:apache:subversion:1.4.1:*:*:*:*:*:*:* |
apache | subversion | 1.4.2 | cpe:2.3:a:apache:subversion:1.4.2:*:*:*:*:*:*:* |
apache | subversion | 1.4.3 | cpe:2.3:a:apache:subversion:1.4.3:*:*:*:*:*:*:* |
apache | subversion | 1.4.4 | cpe:2.3:a:apache:subversion:1.4.4:*:*:*:*:*:*:* |
apache | subversion | 1.4.5 | cpe:2.3:a:apache:subversion:1.4.5:*:*:*:*:*:*:* |
apache | subversion | 1.4.6 | cpe:2.3:a:apache:subversion:1.4.6:*:*:*:*:*:*:* |
apache | subversion | 1.5.0 | cpe:2.3:a:apache:subversion:1.5.0:*:*:*:*:*:*:* |
apache | subversion | 1.5.1 | cpe:2.3:a:apache:subversion:1.5.1:*:*:*:*:*:*:* |