ALAS-2013-269 ---- subversion mod_dav_svnID: oval:org.secpod.oval:def:1600224 | Date: (C)2016-05-19 (M)2024-04-03 |
Class: PATCH | Family: unix |
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service via a relative URL in a REPORT request.The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service via a non-canonical URL in a request, as demonstrated using a trailing /.
Platform: |
Amazon Linux AMI |
Product: |
subversion |
mod_dav_svn |