Download
| Alert*
|
oval:org.secpod.oval:def:57842
The host is installed with Apache Subversion 1.4.0 before 1.8.17 or 1.9.0 before 1.9.5 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle an issue in mod_dontdothat module. Successful exploitation could allow remote attackers to cause the t ... oval:org.secpod.oval:def:111863 Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file. Subvers ... oval:org.secpod.oval:def:53116 Several problems were discovered in Subversion, a centralised version control system. CVE-2017-9800 Joern Schneeweisz discovered that Subversion did not correctly handle maliciously constructed svn+ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via svn:external ... oval:org.secpod.oval:def:703756 subversion: Advanced version control system Several security issues were fixed in Subversion. oval:org.secpod.oval:def:1800422 Subversion"s mod_dontdothat module and clients using are vulnerable to a denial-of-service attack caused by exponential XML entity expansion. The attack, otherwise known as the "billion laughs attack", targets XML parsers and can cause the targeted process to consume an excessive amount of CPU resou ... oval:org.secpod.oval:def:603050 Several problems were discovered in Subversion, a centralised version control system. CVE-2017-9800 Joern Schneeweisz discovered that Subversion did not correctly handle maliciously constructed svn+ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via svn:external ... oval:org.secpod.oval:def:1600503 An authenticated remote attacker can cause denial-of-service conditions on the server using mod_dontdothat by sending a specially crafted REPORT request. The attack does not require access to a particular repository. oval:org.secpod.oval:def:51870 subversion: Advanced version control system Several security issues were fixed in Subversion. |
