CVE-2011-0715 — Apache Subversion vulnerability

10 documents9 sources

Severity

4.3MEDIUMNVD

EPSS

8.5%

top 7.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Subversion

Timeline

PublishedMar 11

Latest updateMay 17

Description

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶Debianapache/subversion< 1.6.16dfsg-1+3

▶NVDapache/subversion1.6.15+111

Patches

Patch: svn.apache.org ↗Patch: svn.haxx.se ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-gvp9-hg34-593w: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1↗2022-05-17

▶

OSV

CVE-2011-0715: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1↗2011-03-11

▶

CVEList

CVE-2011-0715: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1↗2011-03-11

▶

📋Vendor Advisories

Ubuntu

Subversion vulnerability↗2011-03-29

▶

Red Hat

(mod_dav_svn): DoS (NULL ptr deref) by a lock token sent from a not authenticated Subversion client↗2011-03-03

▶

Debian

CVE-2011-0715: subversion - The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subv...↗2011

▶

Apache

Apache subversion: CVE-2011-0715↗

▶

💬Community

Bugzilla

CVE-2011-0715 subversion (mod_dav_svn): DoS (NULL ptr deref) by a lock token sent from a not authenticated Subversion client [fedora-all]↗2011-03-08

▶

Bugzilla

CVE-2011-0715 subversion (mod_dav_svn): DoS (NULL ptr deref) by a lock token sent from a not authenticated Subversion client↗2011-02-27

▶