Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-1884Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Subversion

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents10 sources
Severity
5.0MEDIUMNVD
EPSS
31.6%
top 3.20%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Subversion
Timeline
PublishedMay 2
Latest updateMay 17

Description

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Debianapache/subversion< 1.7.9-1+3
NVDapache/subversion8 versions+7

🔴Vulnerability Details

3
GHSA
GHSA-chwm-g2mp-v6cv: The mod_dav_svn Apache HTTPD server module in Subversion 12022-05-17
OSV
CVE-2013-1884: The mod_dav_svn Apache HTTPD server module in Subversion 12013-05-02
CVEList
CVE-2013-1884: The mod_dav_svn Apache HTTPD server module in Subversion 12013-05-02

💥Exploits & PoCs

1
Exploit-DB
Apache Subversion - Remote Denial of Service2013-04-05

📋Vendor Advisories

4
Ubuntu
Subversion vulnerabilities2013-06-27
Red Hat
(mod_dav_svn): DoS (crash) via malformed log REPORT requests2013-04-04
Debian
CVE-2013-1884: subversion - The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 all...2013
Apache
Apache subversion: CVE-2013-1884

💬Community

2
Bugzilla
CVE-2013-1845 CVE-2013-1846 CVE-2013-1847 CVE-2013-1849 CVE-2013-1884 subversion various flaws [fedora-all]2013-04-05
Bugzilla
CVE-2013-1884 Subversion (mod_dav_svn): DoS (crash) via malformed log REPORT requests2013-03-29
CVE-2013-1884 — Apache Subversion vulnerability | cvebase