CVE-2013-1849Apache Subversion vulnerability

11 documents10 sources
Severity
4.3MEDIUMNVD
EPSS
15.3%
top 5.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Subversion
Timeline
PublishedMay 2
Latest updateMay 17

Description

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

Debianapache/subversion< 1.7.9-1+3
NVDapache/subversion30 versions+29

🔴Vulnerability Details

3
GHSA
GHSA-7xgj-rr5f-9wv9: The mod_dav_svn Apache HTTPD server module in Subversion 12022-05-17
OSV
CVE-2013-1849: The mod_dav_svn Apache HTTPD server module in Subversion 12013-05-02
CVEList
CVE-2013-1849: The mod_dav_svn Apache HTTPD server module in Subversion 12013-05-02

💥Exploits & PoCs

1
Exploit-DB
Foscam IP Camera - Predictable Credentials Security Bypass2014-05-08

📋Vendor Advisories

4
Ubuntu
Subversion vulnerabilities2013-06-27
Red Hat
(mod_dav_svn): DoS (crash) via PROPFIND request made against activity URLs2013-03-05
Debian
CVE-2013-1849: subversion - The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 an...2013
Apache
Apache subversion: CVE-2013-1849

💬Community

2
Bugzilla
CVE-2013-1845 CVE-2013-1846 CVE-2013-1847 CVE-2013-1849 CVE-2013-1884 subversion various flaws [fedora-all]2013-04-05
Bugzilla
CVE-2013-1849 Subversion (mod_dav_svn): DoS (crash) via PROPFIND request made against activity URLs2013-03-29
CVE-2013-1849 — Apache Subversion vulnerability | cvebase