CVE-2013-4505

The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
apachemod_dontdothat
-
apachesubversion
1.4.0
apachesubversion
1.4.1
apachesubversion
1.4.2
apachesubversion
1.4.3
apachesubversion
1.4.4
apachesubversion
1.4.5
apachesubversion
1.4.6
apachesubversion
1.5.0
apachesubversion
1.5.1
apachesubversion
1.5.2
apachesubversion
1.5.3
apachesubversion
1.5.4
apachesubversion
1.5.5
apachesubversion
1.5.6
apachesubversion
1.5.7
apachesubversion
1.5.8
apachesubversion
1.6.0
apachesubversion
1.6.1
apachesubversion
1.6.2
apachesubversion
1.6.3
apachesubversion
1.6.4
apachesubversion
1.6.5
apachesubversion
1.6.6
apachesubversion
1.6.7
apachesubversion
1.6.8
apachesubversion
1.6.9
apachesubversion
1.6.10
apachesubversion
1.6.11
apachesubversion
1.6.12
apachesubversion
1.6.13
apachesubversion
1.6.14
apachesubversion
1.6.15
apachesubversion
1.6.16
apachesubversion
1.6.17
apachesubversion
1.6.18
apachesubversion
1.6.19
apachesubversion
1.6.20
apachesubversion
1.6.21
apachesubversion
1.6.23
apachesubversion
1.7.0
apachesubversion
1.7.1
apachesubversion
1.7.2
apachesubversion
1.7.3
apachesubversion
1.7.4
apachesubversion
1.7.5
apachesubversion
1.7.6
apachesubversion
1.7.7
apachesubversion
1.7.8
apachesubversion
1.7.9
apachesubversion
1.7.10
apachesubversion
1.7.11
apachesubversion
1.7.12
apachesubversion
1.8.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
subversion
bookworm
1.14.2-4
fixed
bullseye
1.14.1-3+deb11u1
fixed
bullseye (security)
1.14.1-3+deb11u1
fixed
sid
1.14.4-2
fixed
trixie
1.14.4-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
subversion
lucid
ignored
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
subversion
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-bash-completion
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-devel
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-perl
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-python
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
subversion-tools
suse enterprise desktop 15
1.10.0-1.24
fixed
suse enterprise desktop 15 SP1
1.10.0-3.3.1
fixed
suse enterprise sap 15
1.10.0-1.24
fixed
suse enterprise sap 15 SP1
1.10.0-3.3.1
fixed
suse enterprise server 15
1.10.0-1.24
fixed
suse enterprise server 15 SP1
1.10.0-3.3.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
mod_dav_svn
Amazon Linux 1
0:1.7.14-1.36.amzn1
fixed
subversion
Amazon Linux 1
0:1.7.14-1.36.amzn1
fixed
subversion-debuginfo
Amazon Linux 1
0:1.7.14-1.36.amzn1
fixed
subversion-devel
Amazon Linux 1
0:1.7.14-1.36.amzn1
fixed
subversion-javahl
Amazon Linux 1
0:1.7.14-1.36.amzn1
fixed
subversion-libs
Amazon Linux 1
0:1.7.14-1.36.amzn1
fixed
subversion-perl
Amazon Linux 1
0:1.7.14-1.36.amzn1
fixed
subversion-python
Amazon Linux 1
0:1.7.14-1.36.amzn1
fixed
subversion-ruby
Amazon Linux 1
0:1.7.14-1.36.amzn1
fixed
subversion-tools
Amazon Linux 1
0:1.7.14-1.36.amzn1
fixed
Common Weakness Enumeration