Apache Subversion vulnerabilities

CVE-2011-1921 [MEDIUM] CWE-264 CVE-2011-1921: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6 The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT oper

CVE-2011-1783 [MEDIUM] CVE-2011-1783: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6 The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.

CVE-2011-1752 [MEDIUM] CWE-476 CVE-2011-1752: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17 The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.

CVE-2011-0715 [MEDIUM] CVE-2011-0715: The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16 The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.

CVE-2010-4539 [MEDIUM] CWE-399 CVE-2010-4539: The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.

CVE-2010-4644 [LOW] CWE-399 CVE-2010-4644: Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated us Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.

CVE-2010-3315 [MEDIUM] CWE-16 CVE-2010-3315: authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1. authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.

CVE-2009-2411 [HIGH] CVE-2009-2411: Multiple integer overflows in the libsvn_delta library in Subversion before 1 Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412.

CVE-2007-2448 [LOW] CVE-2007-2448: Subversion 1 Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.

CVE-2006-1564 [MEDIUM] CVE-2006-1564: Untrusted search path vulnerability in libapache2-svn 1 Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.

CVE-2004-1438 [LOW] CVE-2004-1438: The mod_authz_svn Apache module for Subversion 1 The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.

CVE-2004-0749 [MEDIUM] CVE-2004-0749: The mod_authz_svn module in Subversion 1 The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.

CVE-2004-0413 [CRITICAL] CVE-2004-0413: libsvn_ra_svn in Subversion 1 libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.

CVE-2004-0397 [HIGH] CVE-2004-0397: Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1 Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.