CVE-2013-1849

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
apachesubversion
1.6.0
apachesubversion
1.6.1
apachesubversion
1.6.2
apachesubversion
1.6.3
apachesubversion
1.6.4
apachesubversion
1.6.5
apachesubversion
1.6.6
apachesubversion
1.6.7
apachesubversion
1.6.8
apachesubversion
1.6.9
apachesubversion
1.6.10
apachesubversion
1.6.11
apachesubversion
1.6.12
apachesubversion
1.6.13
apachesubversion
1.6.14
apachesubversion
1.6.15
apachesubversion
1.6.16
apachesubversion
1.6.17
apachesubversion
1.6.18
apachesubversion
1.6.19
apachesubversion
1.6.20
apachesubversion
1.7.0
apachesubversion
1.7.1
apachesubversion
1.7.2
apachesubversion
1.7.3
apachesubversion
1.7.4
apachesubversion
1.7.5
apachesubversion
1.7.6
apachesubversion
1.7.7
apachesubversion
1.7.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
subversion
bookworm
1.14.2-4
fixed
bullseye
1.14.1-3+deb11u1
fixed
bullseye (security)
1.14.1-3+deb11u1
fixed
sid
1.14.4-2
fixed
squeeze
no-dsa
trixie
1.14.4-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
subversion
hardy
ignored
lucid
ignored
oneiric
ignored
precise
Fixed 1.6.17dfsg-3ubuntu3.3
released
quantal
Fixed 1.7.5-1ubuntu2.1
released
raring
Fixed 1.7.5-1ubuntu3.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
subversion
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-bash-completion
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-devel
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-perl
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-python
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-tools
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
mod
RHEL 6
0:1.6.11-9.el6_4
fixed
subversion
RHEL 6
0:1.6.11-9.el6_4
fixed
subversion-devel
RHEL 6
0:1.6.11-9.el6_4
fixed
subversion-gnome
RHEL 6
0:1.6.11-9.el6_4
fixed
subversion-javahl
RHEL 6
0:1.6.11-9.el6_4
fixed
subversion-kde
RHEL 6
0:1.6.11-9.el6_4
fixed
subversion-perl
RHEL 6
0:1.6.11-9.el6_4
fixed
subversion-ruby
RHEL 6
0:1.6.11-9.el6_4
fixed
subversion-svn2cl
RHEL 6
0:1.6.11-9.el6_4
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
mod_dav_svn
Amazon Linux 1
0:1.7.9-1.28.amzn1
fixed
subversion
Amazon Linux 1
0:1.7.9-1.28.amzn1
fixed
subversion-debuginfo
Amazon Linux 1
0:1.7.9-1.28.amzn1
fixed
subversion-devel
Amazon Linux 1
0:1.7.9-1.28.amzn1
fixed
subversion-javahl
Amazon Linux 1
0:1.7.9-1.28.amzn1
fixed
subversion-libs
Amazon Linux 1
0:1.7.9-1.28.amzn1
fixed
subversion-perl
Amazon Linux 1
0:1.7.9-1.28.amzn1
fixed
subversion-python
Amazon Linux 1
0:1.7.9-1.28.amzn1
fixed
subversion-ruby
Amazon Linux 1
0:1.7.9-1.28.amzn1
fixed
subversion-tools
Amazon Linux 1
0:1.7.9-1.28.amzn1
fixed
References