CVE-2011-1783Infinite Loop in Apache Subversion

10 documents9 sources
Severity
4.3MEDIUMNVD
EPSS
11.1%
top 6.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Apache SubversionApple MAC OS XCanonical Ubuntu Linux+2 more
Timeline
PublishedJun 6
Latest updateMay 13

Description

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

NVDapache/subversion1.6.01.6.17+1
Debianapache/subversion< 1.6.17dfsg-1+3
NVDapple/mac_os_x< 10.7.3

Also affects: Debian Linux 5.0, 6.0, Fedora 14, 15, Ubuntu Linux 10.04, 10.10, 11.04

🔴Vulnerability Details

3
GHSA
GHSA-6hv5-jvfr-j4jm: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 12022-05-13
CVEList
CVE-2011-1783: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 12011-06-06
OSV
CVE-2011-1783: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 12011-06-06

📋Vendor Advisories

4
Ubuntu
Subversion vulnerabilities2011-06-06
Red Hat
(mod_dav_svn): DoS (excessive memory use) when configured to provide path-based access control2011-06-01
Debian
CVE-2011-1783: subversion - The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subv...2011
Apache
Apache subversion: CVE-2011-1783

💬Community

2
Bugzilla
CVE-2011-1752 CVE-2011-1783 CVE-2011-1921 subversion various flaws [fedora-all]2011-06-02
Bugzilla
CVE-2011-1783 subversion (mod_dav_svn): DoS (excessive memory use) when configured to provide path-based access control2011-05-30
CVE-2011-1783 — Infinite Loop in Apache Subversion | cvebase