Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
BID:58897
Info
Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| Bugtraq ID: | 58897 |
| Class: | Unknown |
| CVE: |
CVE-2013-1847 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 05 2013 12:00AM |
| Updated: | Sep 25 2013 12:15AM |
| Credit: | Reported by vendor. |
| Vulnerable: |
Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 Slackware Linux x86_64 -current Slackware Linux 13.37 x86_64 Slackware Linux 13.37 Slackware Linux 13.1 x86_64 Slackware Linux 13.1 Slackware Linux 13.0 x86_64 Slackware Linux 13.0 Slackware Linux -current RedHat Enterprise Linux Desktop Workstation 5 client Red Hat Enterprise Linux Workstation Optional 6 Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server Optional 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux HPC Node Optional 6 Red Hat Enterprise Linux Desktop Optional 6 Red Hat Enterprise Linux 5 Server Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 Gentoo Linux CentOS CentOS 5 Apache Software Foundation Subversion 1.6.14 Apache Software Foundation Subversion 1.6.13 Apache Software Foundation Subversion 1.6.11 Apache Software Foundation Subversion 1.6.10 Apache Software Foundation Subversion 1.6.6 Apache Software Foundation Subversion 1.6.5 Apache Software Foundation Subversion 1.6.3 Apache Software Foundation Subversion 1.6.2 Apache Software Foundation Subversion 1.6.9 Apache Software Foundation Subversion 1.6.8 Apache Software Foundation Subversion 1.6.7 Apache Software Foundation Subversion 1.6.4 Apache Software Foundation Subversion 1.6.17 Apache Software Foundation Subversion 1.6.16 Apache Software Foundation Subversion 1.6.15 Apache Software Foundation Subversion 1.6.12 Apache Software Foundation Subversion 1.6.0 |
| Not Vulnerable: | |
Discussion
Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
Apache Subversion is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to crash the application, resulting in denial-of-service conditions.
Apache Subversion versions 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 are vulnerable.
Apache Subversion is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to crash the application, resulting in denial-of-service conditions.
Apache Subversion versions 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 are vulnerable.
Exploit / POC
Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
The following example data is available:
curl -X LOCK --data-binary @lock_body 'http://www.example.com/repo/foo'
The following example data is available:
curl -X LOCK --data-binary @lock_body 'http://www.example.com/repo/foo'
Solution / Fix
Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
References:
References:
- Apache Subversion (Apache)