CVE-2014-8108

The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_hpc_node
7.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_workstation
7.0
apachesubversion
1.0.0
apachesubversion
1.0.1
apachesubversion
1.0.2
apachesubversion
1.0.3
apachesubversion
1.0.4
apachesubversion
1.0.5
apachesubversion
1.0.6
apachesubversion
1.0.7
apachesubversion
1.0.8
apachesubversion
1.0.9
apachesubversion
1.1.0
apachesubversion
1.1.1
apachesubversion
1.1.2
apachesubversion
1.1.3
apachesubversion
1.1.4
apachesubversion
1.2.0
apachesubversion
1.2.1
apachesubversion
1.2.2
apachesubversion
1.2.3
apachesubversion
1.3.0
apachesubversion
1.3.1
apachesubversion
1.3.2
apachesubversion
1.4.0
apachesubversion
1.4.1
apachesubversion
1.4.2
apachesubversion
1.4.3
apachesubversion
1.4.4
apachesubversion
1.4.5
apachesubversion
1.4.6
apachesubversion
1.5.0
apachesubversion
1.5.1
apachesubversion
1.5.2
apachesubversion
1.5.3
apachesubversion
1.5.4
apachesubversion
1.5.5
apachesubversion
1.5.6
apachesubversion
1.5.7
apachesubversion
1.5.8
apachesubversion
1.6.0
apachesubversion
1.6.1
apachesubversion
1.6.2
apachesubversion
1.6.3
apachesubversion
1.6.4
apachesubversion
1.6.5
apachesubversion
1.6.6
apachesubversion
1.6.7
apachesubversion
1.6.8
apachesubversion
1.6.9
apachesubversion
1.6.10
apachesubversion
1.6.11
apachesubversion
1.6.12
apachesubversion
1.6.13
apachesubversion
1.6.14
apachesubversion
1.6.15
apachesubversion
1.6.16
apachesubversion
1.6.17
apachesubversion
1.6.18
apachesubversion
1.6.19
apachesubversion
1.6.20
apachesubversion
1.6.21
apachesubversion
1.6.23
apachesubversion
1.7.0
apachesubversion
1.7.1
apachesubversion
1.7.2
apachesubversion
1.7.3
apachesubversion
1.7.4
apachesubversion
1.7.5
apachesubversion
1.7.6
apachesubversion
1.7.7
apachesubversion
1.7.8
apachesubversion
1.7.9
apachesubversion
1.7.10
apachesubversion
1.7.11
apachesubversion
1.7.12
apachesubversion
1.7.13
apachesubversion
1.7.14
apachesubversion
1.7.15
apachesubversion
1.7.16
apachesubversion
1.7.17
apachesubversion
1.7.18
apachesubversion
1.7.19
apachesubversion
1.8.0
apachesubversion
1.8.1
apachesubversion
1.8.2
apachesubversion
1.8.3
apachesubversion
1.8.4
apachesubversion
1.8.5
apachesubversion
1.8.6
apachesubversion
1.8.7
apachesubversion
1.8.8
apachesubversion
1.8.10
applexcode
6.1.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
subversion
bullseye (security)
1.14.1-3+deb11u1
fixed
bullseye
1.14.1-3+deb11u1
fixed
wheezy
not-affected
squeeze
not-affected
bookworm
1.14.2-4
fixed
sid
1.14.4-2
fixed
trixie
1.14.4-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
subversion
vivid
Fixed 1.8.10-5ubuntu1
released
utopic
ignored
trusty
Fixed 1.8.8-1ubuntu3.2
released
precise
not-affected
lucid
ignored
References
http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html
http://rhn.redhat.com/errata/RHSA-2015-0166.html
http://secunia.com/advisories/61131
http://subversion.apache.org/security/CVE-2014-8108-advisory.txt
http://www.securityfocus.com/bid/71725
http://www.ubuntu.com/usn/USN-2721-1
https://support.apple.com/HT204427
http://lists.apple.com/archives/security-announce/2015/Mar/msg00003.html
http://rhn.redhat.com/errata/RHSA-2015-0166.html
http://secunia.com/advisories/61131
http://subversion.apache.org/security/CVE-2014-8108-advisory.txt
http://www.securityfocus.com/bid/71725
http://www.ubuntu.com/usn/USN-2721-1
https://support.apple.com/HT204427