CVE-2011-1921 — Apache Subversion vulnerability

CWE-26410 documents9 sources

Severity

4.3MEDIUMNVD

EPSS

4.0%

top 11.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Subversion

Timeline

PublishedJun 6

Latest updateMay 17

Description

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶Debianapache/subversion< 1.6.17dfsg-1+3

▶NVDapache/subversion26 versions+25

🔴Vulnerability Details

GHSA

GHSA-jcxf-qq8g-jpph: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1↗2022-05-17

▶

CVEList

CVE-2011-1921: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1↗2011-06-06

▶

OSV

CVE-2011-1921: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1↗2011-06-06

▶

📋Vendor Advisories

Ubuntu

Subversion vulnerabilities↗2011-06-06

▶

Red Hat

(mod_dav_svn): File contents disclosure of files configured to be unreadable by those users↗2011-06-01

▶

Debian

CVE-2011-1921: subversion - The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subv...↗2011

▶

Apache

Apache subversion: CVE-2011-1921↗

▶

💬Community

Bugzilla

CVE-2011-1752 CVE-2011-1783 CVE-2011-1921 subversion various flaws [fedora-all]↗2011-06-02

▶

Bugzilla

CVE-2011-1921 subversion (mod_dav_svn): File contents disclosure of files configured to be unreadable by those users↗2011-05-30

▶