CVE-2011-0715

The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
apachesubversion
𝑥
≤ 1.6.15
apachesubversion
0.6
apachesubversion
0.7
apachesubversion
0.8
apachesubversion
0.9
apachesubversion
0.10.0
apachesubversion
0.10.1
apachesubversion
0.10.2
apachesubversion
0.11.1
apachesubversion
0.12.0
apachesubversion
0.13.0
apachesubversion
0.13.1
apachesubversion
0.13.2
apachesubversion
0.14.0
apachesubversion
0.14.1
apachesubversion
0.14.2
apachesubversion
0.14.3
apachesubversion
0.14.4
apachesubversion
0.14.5
apachesubversion
0.15
apachesubversion
0.16
apachesubversion
0.16.1
apachesubversion
0.17.0
apachesubversion
0.17.1
apachesubversion
0.18.0
apachesubversion
0.18.1
apachesubversion
0.19.0
apachesubversion
0.19.1
apachesubversion
0.20.0
apachesubversion
0.20.1
apachesubversion
0.21.0
apachesubversion
0.22.0
apachesubversion
0.22.1
apachesubversion
0.22.2
apachesubversion
0.23.0
apachesubversion
0.24.0
apachesubversion
0.24.1
apachesubversion
0.24.2
apachesubversion
0.25.0
apachesubversion
0.26.0
apachesubversion
0.27.0
apachesubversion
0.28.0
apachesubversion
0.28.1
apachesubversion
0.28.2
apachesubversion
0.29.0
apachesubversion
0.30.0
apachesubversion
0.31.0
apachesubversion
0.32.1
apachesubversion
0.33.0
apachesubversion
0.33.1
apachesubversion
0.34.0
apachesubversion
0.35.0
apachesubversion
0.35.1
apachesubversion
0.36.0
apachesubversion
0.37.0
apachesubversion
1.0.0
apachesubversion
1.0.1
apachesubversion
1.0.2
apachesubversion
1.0.3
apachesubversion
1.0.4
apachesubversion
1.0.5
apachesubversion
1.0.6
apachesubversion
1.0.7
apachesubversion
1.0.8
apachesubversion
1.0.9
apachesubversion
1.1.0
apachesubversion
1.1.1
apachesubversion
1.1.2
apachesubversion
1.1.3
apachesubversion
1.1.4
apachesubversion
1.2.0
apachesubversion
1.2.1
apachesubversion
1.2.2
apachesubversion
1.2.3
apachesubversion
1.3.0
apachesubversion
1.3.1
apachesubversion
1.3.2
apachesubversion
1.4.0
apachesubversion
1.4.1
apachesubversion
1.4.2
apachesubversion
1.4.3
apachesubversion
1.4.4
apachesubversion
1.4.5
apachesubversion
1.4.6
apachesubversion
1.5.0
apachesubversion
1.5.1
apachesubversion
1.5.2
apachesubversion
1.5.3
apachesubversion
1.5.4
apachesubversion
1.5.5
apachesubversion
1.5.6
apachesubversion
1.5.7
apachesubversion
1.5.8
apachesubversion
1.6.0
apachesubversion
1.6.1
apachesubversion
1.6.2
apachesubversion
1.6.3
apachesubversion
1.6.4
apachesubversion
1.6.5
apachesubversion
1.6.6
apachesubversion
1.6.7
apachesubversion
1.6.8
apachesubversion
1.6.9
apachesubversion
1.6.10
apachesubversion
1.6.11
apachesubversion
1.6.12
apachesubversion
1.6.13
apachesubversion
1.6.14
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
subversion
bookworm
1.14.2-4
fixed
bullseye
1.14.1-3+deb11u1
fixed
bullseye (security)
1.14.1-3+deb11u1
fixed
sid
1.14.4-2
fixed
trixie
1.14.4-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
subversion
dapper
Fixed 1.3.1-3ubuntu1.4
released
hardy
Fixed 1.4.6dfsg1-2ubuntu1.3
released
karmic
Fixed 1.6.5dfsg-1ubuntu1.2
released
lucid
Fixed 1.6.6dfsg-2ubuntu1.2
released
maverick
Fixed 1.6.12dfsg-1ubuntu1.2
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
subversion
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-bash-completion
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-devel
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-perl
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-python
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-tools
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
mod
RHEL 6
0:1.6.11-2.el6_0.3
fixed
subversion
RHEL 6
0:1.6.11-2.el6_0.3
fixed
subversion-devel
RHEL 6
0:1.6.11-2.el6_0.3
fixed
subversion-gnome
RHEL 6
0:1.6.11-2.el6_0.3
fixed
subversion-javahl
RHEL 6
0:1.6.11-2.el6_0.3
fixed
subversion-kde
RHEL 6
0:1.6.11-2.el6_0.3
fixed
subversion-perl
RHEL 6
0:1.6.11-2.el6_0.3
fixed
subversion-ruby
RHEL 6
0:1.6.11-2.el6_0.3
fixed
subversion-svn2cl
RHEL 6
0:1.6.11-2.el6_0.3
fixed
References
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056071.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056072.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056736.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://secunia.com/advisories/43583
http://secunia.com/advisories/43603
http://secunia.com/advisories/43672
http://secunia.com/advisories/43794
http://securitytracker.com/id?1025161
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.479953
http://subversion.apache.org/security/CVE-2011-0715-advisory.txt
http://support.apple.com/kb/HT4723
http://svn.apache.org/repos/asf/subversion/tags/1.6.16/CHANGES
http://svn.apache.org/viewvc?view=revision&revision=1071239
http://svn.apache.org/viewvc?view=revision&revision=1071307
http://svn.haxx.se/dev/archive-2011-03/0122.shtml
http://www.debian.org/security/2011/dsa-2181
http://www.mandriva.com/security/advisories?name=MDVSA-2011:067
http://www.osvdb.org/70964
http://www.securityfocus.com/bid/46734
http://www.ubuntu.com/usn/USN-1096-1
http://www.vupen.com/english/advisories/2011/0567
http://www.vupen.com/english/advisories/2011/0568
http://www.vupen.com/english/advisories/2011/0624
http://www.vupen.com/english/advisories/2011/0660
http://www.vupen.com/english/advisories/2011/0684
http://www.vupen.com/english/advisories/2011/0776
http://www.vupen.com/english/advisories/2011/0885
https://bugzilla.redhat.com/show_bug.cgi?id=680755
https://exchange.xforce.ibmcloud.com/vulnerabilities/65876
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18967
https://rhn.redhat.com/errata/RHSA-2011-0327.html
https://rhn.redhat.com/errata/RHSA-2011-0328.html
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056071.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056072.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056736.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
http://secunia.com/advisories/43583
http://secunia.com/advisories/43603
http://secunia.com/advisories/43672
http://secunia.com/advisories/43794
http://securitytracker.com/id?1025161
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.479953
http://subversion.apache.org/security/CVE-2011-0715-advisory.txt
http://support.apple.com/kb/HT4723
http://svn.apache.org/repos/asf/subversion/tags/1.6.16/CHANGES
http://svn.apache.org/viewvc?view=revision&revision=1071239
http://svn.apache.org/viewvc?view=revision&revision=1071307
http://svn.haxx.se/dev/archive-2011-03/0122.shtml
http://www.debian.org/security/2011/dsa-2181
http://www.mandriva.com/security/advisories?name=MDVSA-2011:067
http://www.osvdb.org/70964
http://www.securityfocus.com/bid/46734
http://www.ubuntu.com/usn/USN-1096-1
http://www.vupen.com/english/advisories/2011/0567
http://www.vupen.com/english/advisories/2011/0568
http://www.vupen.com/english/advisories/2011/0624
http://www.vupen.com/english/advisories/2011/0660
http://www.vupen.com/english/advisories/2011/0684
http://www.vupen.com/english/advisories/2011/0776
http://www.vupen.com/english/advisories/2011/0885
https://bugzilla.redhat.com/show_bug.cgi?id=680755
https://exchange.xforce.ibmcloud.com/vulnerabilities/65876
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18967
https://rhn.redhat.com/errata/RHSA-2011-0327.html
https://rhn.redhat.com/errata/RHSA-2011-0328.html