CVE-2015-0248

Severity: 5.0 MEDIUM
EPSS: 15.8% (top 5.26%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 8; Latest update May 14

Description

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (9 packages)

Debian: subversion < 1.8.10-6+3
NVD: apache/subversion 55 versions+54
NVD: apple/xcode 7.0
NVD: oracle/solaris 11.3
NVD: opensuse/opensuse 13.1, 13.2+1

Also affects: Enterprise Linux 6.7.z

🔴 Vulnerability Details (3)

GHSA: GHSA-8pfv-rvrh-7fhw: The (1) mod_dav_svn and (2) svnserve servers in Subversion 1 (2022-05-14)
OSV: CVE-2015-0248: The (1) mod_dav_svn and (2) svnserve servers in Subversion 1 (2015-04-08)
CVEList: CVE-2015-0248: The (1) mod_dav_svn and (2) svnserve servers in Subversion 1 (2015-04-08)

📋 Vendor Advisories (5)

Ubuntu: Subversion vulnerabilities (2015-08-20)
Red Hat: subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers (2015-03-31)
Debian: CVE-2015-0248: subversion - The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 ... (2015)
Apache: Apache subversion: CVE-2015-0248
Apple: CVE-2015-0248: Xcode 7.0

💬 Community (2)

Bugzilla: CVE-2015-0248 subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers [fedora-all] (2015-03-31)
Bugzilla: CVE-2015-0248 subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers (2015-03-24)