ALAS-2015-555 --- subversion mod_dav_svn mod24_dav_svnID: oval:org.secpod.oval:def:1200111 | Date: (C)2015-12-30 (M)2023-07-28 |
Class: PATCH | Family: unix |
A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled certain requests for URIs that trigger a lookup of a virtual transaction name. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash. A NULL pointer dereference flaw was found in the way the mod_dav_svn module handled REPORT requests. A remote, unauthenticated attacker could use a specially crafted REPORT request to crash mod_dav_svn
Platform: |
Amazon Linux AMI |
Product: |
subversion |
mod_dav_svn |
mod24_dav_svn |