Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability

Bugtraq ID:	58898
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2013-1884
Remote:	Yes
Local:	No
Published:	Apr 05 2013 12:00AM
Updated:	Dec 17 2013 12:38AM
Credit:	Greg McMullin, Stefan Fuhrmann, Philip Martin & Ben Reser, and WANdisco
Vulnerable:	Ubuntu Ubuntu Linux 12.04 LTS i386 Ubuntu Ubuntu Linux 12.04 LTS amd64 SuSE openSUSE 11.4 Slackware Linux x86_64 -current Slackware Linux 13.37 x86_64 Slackware Linux 13.37 Slackware Linux 13.1 x86_64 Slackware Linux 13.1 Slackware Linux 13.0 x86_64 Slackware Linux 13.0 Slackware Linux -current Gentoo Linux
Not Vulnerable:

Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability

Apache Subversion is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the application, resulting in denial-of-service conditions.

Apache Subversion versions 1.7.0 through 1.7.8 are vulnerable.

Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability

The following example data is available:

curl -X REPORT --data-binary @log_report 'http://www.example.com/repo/!svn/bc/1/'

Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability

References:

• Apache Subversion (Apache)