CVE-2015-0202

CWE-399 CWE-770 — Allocation without Limits10 documents9 sources

Severity

7.8HIGH

EPSS

2.1%

top 16.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Subversion Opensuse Opensuse

Timeline

PublishedApr 8

Latest updateMay 14

Description

The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

▶Debiansubversion< 1.8.10-6+3

▶NVDapache/subversion12 versions+11

▶NVDopensuse/opensuse13.1, 13.2+1

🔴Vulnerability Details

GHSA

GHSA-9652-39q9-6g87: The mod_dav_svn server in Subversion 1↗2022-05-14

▶

CVEList

CVE-2015-0202: The mod_dav_svn server in Subversion 1↗2015-04-08

▶

OSV

CVE-2015-0202: The mod_dav_svn server in Subversion 1↗2015-04-08

▶

📋Vendor Advisories

Ubuntu

Subversion vulnerabilities↗2015-08-20

▶

Red Hat

subversion: (mod_dav_svn) remote denial of service with certain REPORT requests↗2015-03-31

▶

Debian

CVE-2015-0202: subversion - The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attacker...↗2015

▶

Apache

Apache subversion: CVE-2015-0202↗

▶

💬Community

Bugzilla

CVE-2015-0202 subversion: (mod_dav_svn) remote denial of service with certain REPORT requests [fedora-all]↗2015-03-31

▶

Bugzilla

CVE-2015-0202 subversion: (mod_dav_svn) remote denial of service with certain REPORT requests↗2015-03-24

▶