CVE-2013-4505 — Apache Subversion vulnerability

CWE-2649 documents8 sources

Severity

2.6LOWNVD

EPSS

1.6%

top 18.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Subversion

Timeline

PublishedDec 7

Latest updateMay 17

Description

The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.

CVSS vector

AV:N/AC:H/C:N/I:N/A:PExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

▶Debianapache/subversion< 1.7.14-1+3

▶NVDapache/subversion53 versions+52

Patches

Patch: subversion.apache.org ↗Patch: subversion.apache.org ↗

🔴Vulnerability Details

GHSA

GHSA-cr4v-cvvq-g798: The is_this_legal function in mod_dontdothat for Apache Subversion 1↗2022-05-17

▶

OSV

CVE-2013-4505: The is_this_legal function in mod_dontdothat for Apache Subversion 1↗2013-12-07

▶

CVEList

CVE-2013-4505: The is_this_legal function in mod_dontdothat for Apache Subversion 1↗2013-12-07

▶

📋Vendor Advisories

Red Hat

subversion: mod_dontdothat does not block requests from certain clients↗2013-11-25

▶

Debian

CVE-2013-4505: subversion - The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through...↗2013

▶

Apache

Apache subversion: CVE-2013-4505↗

▶

💬Community

Bugzilla

CVE-2013-4505 subversion: mod_dontdothat does not block requests from certain clients↗2013-11-25

▶

Bugzilla

CVE-2013-4505 CVE-2013-4558 subversion: various flaws [fedora-all]↗2013-11-25

▶