exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2014-0032

Status Candidate

Overview

The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls https://svn.example.com" command.

Related Files

Gentoo Linux Security Advisory 201610-05
Posted Oct 12, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201610-5 - Multiple vulnerabilities have been found in Subversion and Serf, the worst of which could lead to execution of arbitrary code. Versions less than 1.9.4 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-0032, CVE-2014-3504, CVE-2014-3522, CVE-2014-3528, CVE-2015-0202, CVE-2015-0248, CVE-2015-0251, CVE-2015-3184, CVE-2015-3187, CVE-2015-5259, CVE-2016-2167, CVE-2016-2168
SHA-256 | 6fc3d8b062f4dd9dd7a5b8d8121065ad62aa138fd8e27bec35dc5e71fb9cd7e8
Mandriva Linux Security Advisory 2015-085
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-085 - The mod_dav_svn module in Apache Subversion before 1.8.8, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service via an OPTIONS request. Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Bert Huijben discovered that Subversion did not properly handle cached credentials. A malicious server could possibly use this issue to obtain credentials cached for a different server. A NULL pointer dereference flaw was found in the way mod_dav_svn handled REPORT requests. A remote, unauthenticated attacker could use a crafted REPORT request to crash mod_dav_svn. A NULL pointer dereference flaw was found in the way mod_dav_svn handled URIs for virtual transaction names. A remote, unauthenticated attacker could send a request for a virtual transaction name that does not exist, causing mod_dav_svn to crash.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2014-0032, CVE-2014-3522, CVE-2014-3528
SHA-256 | 01aff36f339d42406e0aae560444ac58ac7a1af4b623272cb7f496e90441e981
Apple Security Advisory 2014-09-17-7
Posted Sep 19, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-09-17-7 - Xcode 6.0.1 is now available and addresses a denial of service vulnerability.

tags | advisory, denial of service
systems | apple
advisories | CVE-2014-0032
SHA-256 | 8e1f1756e81af7fac9dd82869a3eaffd631cf609ecd86c1fa4f32b476b409e2a
Ubuntu Security Notice USN-2316-1
Posted Aug 14, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2316-1 - Lieven Govaerts discovered that the Subversion mod_dav_svn module incorrectly handled certain request methods when SVNListParentPath was enabled. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Ben Reser discovered that Subversion did not correctly validate SSL certificates containing wildcards. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2014-0032, CVE-2014-3522, CVE-2014-3528
SHA-256 | 34a878b1d3886abcc6a12d4b5804a8f3bed05cb128b024c7a2c181220ad326ca
Mandriva Linux Security Advisory 2014-049
Posted Mar 10, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-049 - The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service via vectors related to the server root and request methods other than GET, as demonstrated by the svn ls https://svn.example.com command. This advisory provides the latest version of subversion which is not vulnerable to this issue.

tags | advisory, remote, web, denial of service, root
systems | linux, mandriva
advisories | CVE-2014-0032
SHA-256 | 6dc36b60facb0c513dec64a3947fa32a7e8f3f108314026f3f279dac8b4fef82
Red Hat Security Advisory 2014-0255-01
Posted Mar 6, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0255-01 - Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. The mod_dav_svn module is used with the Apache HTTP Server to allow access to Subversion repositories via HTTP. A flaw was found in the way the mod_dav_svn module handled OPTIONS requests. A remote attacker with read access to an SVN repository served via HTTP could use this flaw to cause the httpd process that handled such a request to crash.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2013-1968, CVE-2013-2112, CVE-2014-0032
SHA-256 | 4212abf321cad59ccc1e824d2b137d7cad58e57f5311fe0731b4c04edf68e288
Slackware Security Advisory - subversion Updates
Posted Feb 28, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New subversion packages are available for Slackware 14.0, 14.1, and -current to fix denial-of-service issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-4505, CVE-2013-4558, CVE-2014-0032
SHA-256 | 76da3c1a614f58e823da66af1606ec1b461fc3a9dc9f72254429e3ca36b1946c
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close