The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Apache Subversion

vulnerability announce CVE-2017-9800

Apache Subversion Client: code execution via svn+ssh

Synthesis of the vulnerability

An attacker can use a vulnerability via svn+ssh of the Apache Subversion client, in order to run code.
Impacted products: Subversion, Debian, Fedora, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu.
Severity: 4/4.
Consequences: user access/rights.
Provenance: internet server.
Creation date: 11/08/2017.
Identifiers: bulletinjul2017, CVE-2017-9800, DLA-1052-1, DSA-3932-1, FEDORA-2017-1d1a38bdd1, FEDORA-2017-951b6a78d4, openSUSE-SU-2017:2183-1, RHSA-2017:2480-01, SSA:2017-223-04, SUSE-SU-2017:2163-1, SUSE-SU-2017:2200-1, Synology-SA-17:42, USN-3388-1, USN-3388-2, VIGILANCE-VUL-23502.

Description of the vulnerability

An attacker can use a vulnerability via svn+ssh of the Apache Subversion client, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce 23357

Subversion: denial of service via SHA-1 Collision

Synthesis of the vulnerability

An attacker can use SHA-1 collisions on Subversion, in order to trigger a denial of service.
Impacted products: Subversion, Fedora.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: user account.
Creation date: 26/07/2017.
Identifiers: FEDORA-2017-704c201dbb, FEDORA-2017-b9e4c24094, VIGILANCE-VUL-23357.

Description of the vulnerability

An attacker can use SHA-1 collisions on Subversion, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-8734

Subversion: external XML entity injection

Synthesis of the vulnerability

An attacker can transmit malicious XML data to Subversion, in order to read a file, scan sites, or trigger a denial of service.
Impacted products: Subversion, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: document.
Creation date: 29/11/2016.
Identifiers: CVE-2016-8734, DSA-3932-1, FEDORA-2017-c629f16f6c, openSUSE-SU-2016:3073-1, SUSE-SU-2017:2163-1, SUSE-SU-2017:2200-1, USN-3388-1, VIGILANCE-VUL-21236.

Description of the vulnerability

XML data can contain external entities (DTD):
  <!ENTITY name SYSTEM "file">
  <!ENTITY name SYSTEM "http://server/file">
A program which reads these XML data can replace these entities by data coming from the indicated file. When the program uses XML data coming from an untrusted source, this behavior leads to:
 - content disclosure from files of the server
 - private web site scan
 - a denial of service by opening a blocking file
This feature must be disabled to process XML data coming from an untrusted source.

However, the Subversion parser allows external entities.

An attacker can therefore transmit malicious XML data to Subversion, in order to read a file, scan sites, or trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-2167 CVE-2016-2168

Apache Subversion: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apache Subversion.
Impacted products: Subversion, Debian, Fedora, openSUSE, openSUSE Leap, Solaris, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 28/04/2016.
Identifiers: bulletinjul2018, CVE-2016-2167, CVE-2016-2168, DLA-448-1, DSA-3561-1, FEDORA-2016-e024b3e02b, openSUSE-SU-2016:1263-1, openSUSE-SU-2016:1264-1, SSA:2016-121-01, SUSE-SU-2017:2200-1, USN-3388-1, USN-3388-2, VIGILANCE-VUL-19480.

Description of the vulnerability

Several vulnerabilities were announced in Apache Subversion.

An attacker can bypass security features in svnserve/sasl, in order to escalate his privileges. [severity:2/4; CVE-2016-2167]

An attacker can force a NULL pointer to be dereferenced in mod_authz_svn, in order to trigger a denial of service. [severity:2/4; CVE-2016-2168]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2015-5343

Apache Subversion: buffer overflow of mod_dav_svn

Synthesis of the vulnerability

An authenticated attacker can generate a buffer overflow in the mod_dav_svn module of Apache Subversion, in order to trigger a denial of service, and possibly to run code.
Impacted products: Subversion, Debian, Fedora, openSUSE, openSUSE Leap, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service.
Provenance: user account.
Creation date: 16/12/2015.
Identifiers: CVE-2015-5343, DSA-3424-1, FEDORA-2015-6efa349a85, FEDORA-2015-afdb0e8aaa, openSUSE-SU-2015:2362-1, openSUSE-SU-2015:2363-1, SSA:2016-097-01, SUSE-SU-2017:2200-1, VIGILANCE-VUL-18537.

Description of the vulnerability

The Apache Subversion product uses the mod_dav_svn module to be accessed with a web client.

However, an attacker with a write access can send a query too large. An overflow thus occurs in the subversion/mod_dav_svn/util.c file.

An authenticated attacker can therefore generate a buffer overflow in the mod_dav_svn module of Apache Subversion, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2015-5259

Apache Subversion: integer overflow of svn_error_create

Synthesis of the vulnerability

An attacker can generate an integer overflow in the svn_error_create() function of Apache Subversion, in order to trigger a denial of service, and possibly to run code.
Impacted products: Subversion, Fedora.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: intranet client.
Creation date: 16/12/2015.
Identifiers: CVE-2015-5259, FEDORA-2015-6efa349a85, FEDORA-2015-afdb0e8aaa, VIGILANCE-VUL-18536.

Description of the vulnerability

The Apache Subversion product uses uris of the "svn://" family.

When this uri contains an error, the svn_error_create() function creates a message. However, if the size indicated for this uri is too large, an integer overflows, then the size verification is bypassed. Data from the uri thus overwrites the end of the buffer containing the error message.

An attacker can therefore generate an integer overflow in the svn_error_create() function of Apache Subversion, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2015-3184 CVE-2015-3187

Apache Subversion: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apache Subversion.
Impacted products: Subversion, Debian, Fedora, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 06/08/2015.
Identifiers: CVE-2015-3184, CVE-2015-3187, DSA-3331-1, FEDORA-2015-6efa349a85, openSUSE-SU-2015:1401-1, openSUSE-SU-2015:2363-1, RHSA-2015:1742-01, SUSE-SU-2017:2200-1, USN-2721-1, VIGILANCE-VUL-17597.

Description of the vulnerability

Several vulnerabilities were announced in Apache Subversion.

An unauthenticated attacker can bypass security features of mod_authz_svn on Apache httpd 2.4.*, in order to access to files which should be protected. [severity:2/4; CVE-2015-3184]

An attacker can use svn_repos_trace_node_locations(), in order to obtain the history of paths of a node, to see sensitive information. [severity:1/4; CVE-2015-3187]
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2015-0202 CVE-2015-0248 CVE-2015-0251

Apache Subversion: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apache Subversion.
Impacted products: Subversion, Debian, Fedora, openSUSE, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: user account.
Number of vulnerabilities in this bulletin: 3.
Creation date: 31/03/2015.
Revision date: 12/06/2015.
Identifiers: bulletinoct2015, CVE-2015-0202, CVE-2015-0248, CVE-2015-0251, DSA-3231-1, FEDORA-2015-11795, MDVSA-2015:192, openSUSE-SU-2015:0672-1, RHSA-2015:1633-01, RHSA-2015:1742-01, SUSE-SU-2017:2200-1, USN-2721-1, VIGILANCE-VUL-16501.

Description of the vulnerability

Several vulnerabilities were announced in Apache Subversion.

An attacker can use numerous resources with FSFS, in order to trigger a denial of service. [severity:2/4; CVE-2015-0202]

An attacker can generate an assertion error in mod_dav_svn and svnserve, in order to trigger a denial of service. [severity:2/4; CVE-2015-0248]

An attacker can spoof the svn:author propertywith a specially chosen sequence of WebDAV commands for the version 1 of the protocol implemented by the Apache module mod_dav_svn. [severity:1/4; CVE-2015-0251]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2014-3580 CVE-2014-8108

Apache Subversion: two vulnerabilities of mod_dav_svn

Synthesis of the vulnerability

An attacker can use several vulnerabilities of mod_dav_svn of Apache Subversion.
Impacted products: Subversion, Debian, Fedora, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 16/12/2014.
Identifiers: CVE-2014-3580, CVE-2014-8108, DSA-3107-1, DSA-3107-2, FEDORA-2014-17118, FEDORA-2014-17222, MDVSA-2015:005, openSUSE-SU-2014:1725-1, RHSA-2015:0165-01, RHSA-2015:0166-01, SUSE-SU-2017:2200-1, USN-2721-1, VIGILANCE-VUL-15818.

Description of the vulnerability

Several vulnerabilities were announced in Apache Subversion.

An attacker can send a malicious REPORT request, in order to trigger a denial of service. [severity:2/4; CVE-2014-3580]

An attacker can use a malicious transaction name, in order to trigger a denial of service. [severity:2/4; CVE-2014-8108]
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2014-3528

Apache Subversion: information disclosure via MD5 Cache

Synthesis of the vulnerability

A local attacker can trigger a MD5 collision in the cache of Apache Subversion, in order to obtain sensitive information.
Impacted products: Subversion, openSUSE, Solaris, RHEL, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 26/08/2014.
Identifiers: bulletinoct2015, CVE-2014-3528, MDVSA-2014:161, MDVSA-2015:085, openSUSE-SU-2014:1059-1, RHSA-2015:0165-01, RHSA-2015:0166-01, USN-2316-1, VIGILANCE-VUL-15231.

Description of the vulnerability

The Apache Subversion caches user's credentials. These credentials are stored in a tree indexed by the result of a MD5 hash.

However, an attacker may trigger a MD5 collision, in order to obtain data belonging to another user.

A local attacker can therefore trigger a MD5 collision in the cache of Apache Subversion, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Apache Subversion: