CVE-2020-17525
Description
Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
11.752
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| subversion security update(DSA-4851-1) subversion_1.10.4-1+deb10u2_amd64.deb | Linux |
| subversion security update(DSA-4851-1) subversion_1.10.4-1+deb10u2_i386.deb | Linux |
| subversion security update(DSA-4851-1) Debian_subversion_1.10.4-1+deb10u2_amd64.deb | Linux |
| Libserf update (ELSA-2021-0507) libserf-1.3.9-9.module+el8.3.0+7671+a87d5147.x86_64.rpm | Linux |
| Mod_dav_svn update (ELSA-2021-0507) mod_dav_svn-1.10.2-4.module+el8.3.0+9645+c2a98c55.x86_64.rpm | Linux |
| Subversion update (ELSA-2021-0507) subversion-1.10.2-4.module+el8.3.0+9645+c2a98c55.x86_64.rpm | Linux |
| Subversion-devel update (ELSA-2021-0507) subversion-devel-1.10.2-4.module+el8.3.0+9645+c2a98c55.x86_64.rpm | Linux |
| Subversion-gnome update (ELSA-2021-0507) subversion-gnome-1.10.2-4.module+el8.3.0+9645+c2a98c55.x86_64.rpm | Linux |
| Subversion-javahl update (ELSA-2021-0507) subversion-javahl-1.10.2-4.module+el8.3.0+9645+c2a98c55.noarch.rpm | Linux |
| Subversion-libs update (ELSA-2021-0507) subversion-libs-1.10.2-4.module+el8.3.0+9645+c2a98c55.x86_64.rpm | Linux |
| Subversion-perl update (ELSA-2021-0507) subversion-perl-1.10.2-4.module+el8.3.0+9645+c2a98c55.x86_64.rpm | Linux |
| Subversion-tools update (ELSA-2021-0507) subversion-tools-1.10.2-4.module+el8.3.0+9645+c2a98c55.x86_64.rpm | Linux |
| Utf8proc update (ELSA-2021-0507) utf8proc-2.1.1-5.module+el8.3.0+7671+a87d5147.x86_64.rpm | Linux |
| Advanced version control system (USN-5445-1) libsvn1_1.9.7-4ubuntu1.1_i386.deb | Linux |
| Advanced version control system (USN-5445-1) libsvn1_1.9.7-4ubuntu1.1_amd64.deb | Linux |
| Advanced version control system (USN-5445-1) libsvn1_1.13.0-3ubuntu0.2_amd64.deb | Linux |
| Advanced version control system (USN-5445-1) subversion_1.9.7-4ubuntu1.1_i386.deb | Linux |
| Advanced version control system (USN-5445-1) subversion_1.9.7-4ubuntu1.1_amd64.deb | Linux |
| Advanced version control system (USN-5445-1) subversion_1.13.0-3ubuntu0.2_amd64.deb | Linux |
| Advanced version control system (USN-5445-1) libapache2-mod-svn_1.9.7-4ubuntu1.1_i386.deb | Linux |
| Advanced version control system (USN-5445-1) libapache2-mod-svn_1.9.7-4ubuntu1.1_amd64.deb | Linux |
| Advanced version control system (USN-5445-1) libapache2-mod-svn_1.13.0-3ubuntu0.2_amd64.deb | Linux |
| subversion:1.10 security update (RLSA-2021:0507) libserf-1.3.9-9.module+el8.4.0+407+38733e5a.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234