CVE-2013-4558

EUVD-2013-4417
The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
apachemod_dav_svn
-
apachesubversion
1.7.11
apachesubversion
1.7.12
apachesubversion
1.7.13
apachesubversion
1.8.1
apachesubversion
1.8.2
apachesubversion
1.8.3
apachesubversion
1.8.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
subversion
bookworm
1.14.2-4
fixed
bullseye
1.14.1-3+deb11u1
fixed
bullseye (security)
1.14.1-3+deb11u1
fixed
sid
1.14.4-2
fixed
squeeze
not-affected
trixie
1.14.4-2
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
subversion
lucid
ignored
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
not-affected
trusty
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2013-12/msg00029.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00048.html
http://osvdb.org/100363
http://subversion.apache.org/security/CVE-2013-4558-advisory.txt
https://bugzilla.redhat.com/show_bug.cgi?id=1033431
https://github.com/apache/subversion/commit/2c77c43e4255555f3b79f761f0d141393a3856cc
https://github.com/apache/subversion/commit/647e3f8365a74831bb915f63793b63e31fae062d
http://lists.opensuse.org/opensuse-updates/2013-12/msg00029.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00048.html
http://osvdb.org/100363
http://subversion.apache.org/security/CVE-2013-4558-advisory.txt
https://bugzilla.redhat.com/show_bug.cgi?id=1033431
https://github.com/apache/subversion/commit/2c77c43e4255555f3b79f761f0d141393a3856cc
https://github.com/apache/subversion/commit/647e3f8365a74831bb915f63793b63e31fae062d