CVE-2015-0251

CWE-345CWE-34811 documents10 sources
Severity
4.0MEDIUM
EPSS
1.1%
top 22.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Apache SubversionApple XcodeOpensuse Opensuse+6 more
Timeline
PublishedApr 8
Latest updateMay 14

Description

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages9 packages

Debiansubversion< 1.8.10-6+3
NVDapache/subversion64 versions+63
NVDapple/xcode7.0
NVDoracle/solaris11.3

Also affects: Enterprise Linux 6.7.z

🔴Vulnerability Details

3
GHSA
GHSA-7c78-p7xr-4r2p: The mod_dav_svn server in Subversion 12022-05-14
OSV
CVE-2015-0251: The mod_dav_svn server in Subversion 12015-04-08
CVEList
CVE-2015-0251: The mod_dav_svn server in Subversion 12015-04-08

📋Vendor Advisories

5
Ubuntu
Subversion vulnerabilities2015-08-20
Red Hat
subversion: (mod_dav_svn) spoofing svn:author property values for new revisions2015-03-31
Debian
CVE-2015-0251: subversion - The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8....2015
Apple
CVE-2015-0251: Xcode 7.0
Apache
Apache subversion: CVE-2015-0251

💬Community

2
Bugzilla
CVE-2015-0251 subversion: (mod_dav_svn) spoofing svn:author property values for new revisions [fedora-all]2015-03-31
Bugzilla
CVE-2015-0251 subversion: (mod_dav_svn) spoofing svn:author property values for new revisions2015-03-24
CVE-2015-0251 (MEDIUM CVSS 4) | The mod_dav_svn server in Subversio | cvebase.io