CVE-2013-1968 — Improper Neutralization of Special Elements in Apache Subversion

CWE-138 — Improper Neutralization of Special Elements10 documents9 sources

Severity

5.5MEDIUMNVD

EPSS

1.2%

top 20.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Subversion Canonical Ubuntu Linux Collabnet Subversion +1 more

Timeline

PublishedJul 31

Latest updateMay 14

Description

Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated users to cause a denial of service (FSFS repository corruption) via a newline character in a file name.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 8.0 | Impact: 4.9

Affected Packages4 packages

▶Debianapache/subversion< 1.7.9-1+nmu2+3

▶NVDapache/subversion1.6.21+31

▶NVDcollabnet/subversion1.6.17

▶NVDopensuse/opensuse11.4

Also affects: Ubuntu Linux 12.04, 12.10, 13.04

🔴Vulnerability Details

GHSA

GHSA-rx9x-73jj-929p: Subversion before 1↗2022-05-14

▶

CVEList

CVE-2013-1968: Subversion before 1↗2013-07-31

▶

OSV

CVE-2013-1968: Subversion before 1↗2013-07-31

▶

📋Vendor Advisories

Ubuntu

Subversion vulnerabilities↗2013-06-27

▶

Red Hat

format): Filenames with newline character can lead to revision corruption↗2013-05-31

▶

Debian

CVE-2013-1968: subversion - Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote authenticated use...↗2013

▶

Apache

Apache subversion: CVE-2013-1968↗

▶

💬Community

Bugzilla

CVE-2013-1968 subversion (FSFS format): Filenames with newline character can lead to revision corruption↗2013-06-03

▶

Bugzilla

CVE-2013-1968 subversion (FSFS format): Filenames with newline character can lead to revision corruption [fedora-all]↗2013-06-03

▶