ALAS-2015-587 --- subversion mod_dav_svnID: oval:org.secpod.oval:def:1200095 | Date: (C)2016-01-04 (M)2023-12-07 |
Class: PATCH | Family: unix |
The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes. An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server to crash. It was found that the mod_dav_svn module did not properly validate the svn:author property of certain requests. An attacker able to create new revisions could use this flaw to spoof the svn:author property
Platform: |
Amazon Linux AMI |
Product: |
subversion |
mod_dav_svn |