[Forgot Password]
Login  Register Subscribe

24437

 
 

131815

 
 

116564

 
 

909

 
 

91325

 
 

141

Paid content will be excluded from the download.


Download | Alert*
OVAL

Integer overflow vulnerability in Apache Subversion via a skel-encoded request body

ID: oval:org.secpod.oval:def:34614Date: (C)2016-05-24   (M)2018-06-04
Class: VULNERABILITYFamily: windows




The host is installed with Apache Subversion 1.7.x, 1.8.x before 1.8.15 and is prone to an integer overflow vulnerability. A flaw is present in the application, which fails to handle a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow. Successful exploitation could allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code.

Platform:
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows 10
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2016
Microsoft Windows Server 2008 R2
Product:
Apache Subversion
Reference:
CVE-2015-5343
CVE    1
CVE-2015-5343
CPE    40
cpe:/a:apache:subversion:::x86
cpe:/a:apache:subversion:1.8.12
cpe:/a:apache:subversion:1.8.14
cpe:/a:apache:subversion:1.8.13
...

© SecPod Technologies