CVE-2013-1847

EUVD-2013-1854
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
apachesubversion
1.6.0
apachesubversion
1.6.1
apachesubversion
1.6.2
apachesubversion
1.6.3
apachesubversion
1.6.4
apachesubversion
1.6.5
apachesubversion
1.6.6
apachesubversion
1.6.7
apachesubversion
1.6.8
apachesubversion
1.6.9
apachesubversion
1.6.10
apachesubversion
1.6.11
apachesubversion
1.6.12
apachesubversion
1.6.13
apachesubversion
1.6.14
apachesubversion
1.6.15
apachesubversion
1.6.16
apachesubversion
1.6.17
apachesubversion
1.6.18
apachesubversion
1.6.19
apachesubversion
1.6.20
apachesubversion
1.7.0
apachesubversion
1.7.1
apachesubversion
1.7.2
apachesubversion
1.7.3
apachesubversion
1.7.4
apachesubversion
1.7.5
apachesubversion
1.7.6
apachesubversion
1.7.7
apachesubversion
1.7.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
subversion
bookworm
1.14.2-4
fixed
bullseye
1.14.1-3+deb11u1
fixed
bullseye (security)
1.14.1-3+deb11u1
fixed
sid
1.14.4-2
fixed
squeeze
no-dsa
trixie
1.14.4-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
subversion
hardy
ignored
lucid
ignored
oneiric
ignored
precise
Fixed 1.6.17dfsg-3ubuntu3.3
released
quantal
Fixed 1.7.5-1ubuntu2.1
released
raring
Fixed 1.7.5-1ubuntu3.1
released
References
http://lists.opensuse.org/opensuse-updates/2013-04/msg00095.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00069.html
http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvRoyVrZV12tgC0FMGrc6%2BMisd3qTcZ%2BDdpFGgTahkgAkQ%40mail.gmail.com%3E
http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvSTMLbn4q_KM3Ph2UOeSiPGhEK4%3DSvwEjaHW_GUGkYWPQ%40mail.gmail.com%3E
http://rhn.redhat.com/errata/RHSA-2013-0737.html
http://subversion.apache.org/security/CVE-2013-1847-advisory.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2013:153
http://www.ubuntu.com/usn/USN-1893-1
https://bugzilla.redhat.com/show_bug.cgi?id=929090
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18538
http://lists.opensuse.org/opensuse-updates/2013-04/msg00095.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00069.html
http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvRoyVrZV12tgC0FMGrc6%2BMisd3qTcZ%2BDdpFGgTahkgAkQ%40mail.gmail.com%3E
http://mail-archives.apache.org/mod_mbox/subversion-announce/201304.mbox/%3CCADkdwvSTMLbn4q_KM3Ph2UOeSiPGhEK4%3DSvwEjaHW_GUGkYWPQ%40mail.gmail.com%3E
http://rhn.redhat.com/errata/RHSA-2013-0737.html
http://subversion.apache.org/security/CVE-2013-1847-advisory.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2013:153
http://www.ubuntu.com/usn/USN-1893-1
https://bugzilla.redhat.com/show_bug.cgi?id=929090
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18538