Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-1847Apache Subversion vulnerability

11 documents10 sources
Severity
5.0MEDIUMNVD
EPSS
44.3%
top 2.44%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Subversion
Timeline
PublishedMay 2
Latest updateMay 17

Description

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Debianapache/subversion< 1.7.9-1+3
NVDapache/subversion30 versions+29

🔴Vulnerability Details

3
GHSA
GHSA-2c79-3xrg-7c85: The mod_dav_svn Apache HTTPD server module in Subversion 12022-05-17
OSV
CVE-2013-1847: The mod_dav_svn Apache HTTPD server module in Subversion 12013-05-02
CVEList
CVE-2013-1847: The mod_dav_svn Apache HTTPD server module in Subversion 12013-05-02

💥Exploits & PoCs

1
Exploit-DB
Apache Subversion 1.6.x - 'mod_dav_svn/lock.c' Remote Denial of Service2013-04-05

📋Vendor Advisories

4
Ubuntu
Subversion vulnerabilities2013-06-27
Red Hat
(mod_dav_svn): DoS (crash) via LOCK requests against a non-existent URL2013-04-04
Debian
CVE-2013-1847: subversion - The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 an...2013
Apache
Apache subversion: CVE-2013-1847

💬Community

2
Bugzilla
CVE-2013-1845 CVE-2013-1846 CVE-2013-1847 CVE-2013-1849 CVE-2013-1884 subversion various flaws [fedora-all]2013-04-05
Bugzilla
CVE-2013-1847 Subversion (mod_dav_svn): DoS (crash) via LOCK requests against a non-existent URL2013-03-29
CVE-2013-1847 — Apache Subversion vulnerability | cvebase