CVE-2013-4558
Published Dec 7, 2013
Last updated 8 months ago
Overview
- Description
- The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /.
- Source
- secalert@redhat.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:N/I:N/A:P
Weaknesses
- nvd@nist.gov
- CWE-20
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:mod_dav_svn:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EF1F71DC-F66A-4F20-AF88-636DEFBD30BB"
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.7.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "75CF5BC1-7071-48A3-86A9-C843485CAED5"
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.7.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9EB23250-EBD2-4A5F-BF5E-1DAE1A64EF0E"
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.7.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "200DB058-C9F0-4983-AF99-EBB8FC2E7875"
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A57A3347-6C48-4803-AB4E-A4BC0E6BFA41"
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "50D26799-D038-470A-A468-58DBDB64A7E6"
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D3769BD6-B104-4F74-B8C4-89398A8894FB"
},
{
"criteria": "cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9757DD5E-42A6-44B8-9692-49690F60C8D1"
}
],
"operator": "OR"
}
]
}
]