Home

CVE-2014-0032

Description

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the svn ls http://svn.example.com command.

Risk Information

Base Score
9.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score
Exploitation Probability
27.105

Associated Vulnerability

VulnerabilityOS Platform
Advanced version control system (USN-2316-1) libsvn1_1.8.8-1ubuntu3.2_i386.debLinux
Advanced version control system (USN-2316-1) libsvn1_1.8.8-1ubuntu3.2_amd64.debLinux
Advanced version control system (USN-2316-1) subversion_1.8.8-1ubuntu3.2_i386.debLinux
Advanced version control system (USN-2316-1) subversion_1.8.8-1ubuntu3.2_amd64.debLinux
(RHSA-2014:0255) Moderate: subversion security update mod_dav_svn-1.6.11-12.el5_10.i386.rpmLinux
(RHSA-2014:0255) Moderate: subversion security update mod_dav_svn-1.6.11-12.el5_10.x86_64.rpmLinux
(RHSA-2014:0255) Moderate: subversion security update subversion-1.6.11-12.el5_10.i386.rpmLinux
(RHSA-2014:0255) Moderate: subversion security update subversion-1.6.11-12.el5_10.x86_64.rpmLinux
(RHSA-2014:0255) Moderate: subversion security update subversion-devel-1.6.11-12.el5_10.i386.rpmLinux
(RHSA-2014:0255) Moderate: subversion security update subversion-devel-1.6.11-12.el5_10.x86_64.rpmLinux
(RHSA-2014:0255) Moderate: subversion security update subversion-javahl-1.6.11-12.el5_10.i386.rpmLinux
(RHSA-2014:0255) Moderate: subversion security update subversion-javahl-1.6.11-12.el5_10.x86_64.rpmLinux
(RHSA-2014:0255) Moderate: subversion security update subversion-perl-1.6.11-12.el5_10.i386.rpmLinux
(RHSA-2014:0255) Moderate: subversion security update subversion-perl-1.6.11-12.el5_10.x86_64.rpmLinux
(RHSA-2014:0255) Moderate: subversion security update subversion-ruby-1.6.11-12.el5_10.i386.rpmLinux
(RHSA-2014:0255) Moderate: subversion security update subversion-ruby-1.6.11-12.el5_10.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234