Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Subversion
Опубликовано:9 апреля 2013 г.
Источник:
SecurityVulns ID:13000
Тип:удаленная
Уровень опасности:
5/10
Описание:Многочисленные DoS-условия.
Затронутые продукты:SUBVERSION : subversion 1.7
CVE:CVE-2013-1884 (The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.)
 CVE-2013-1849 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.)
 CVE-2013-1847 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.)
 CVE-2013-1846 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.)
 CVE-2013-1845 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.)
Оригинальный текстdocumentSLACKWARE, [slackware-security] subversion (SSA:2013-095-01) (09.04.2013)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород