Summary
The host is running Apache Subversion and is prone to a denial of service vulnerability.
Impact
Successful exploitation will allow remote attackers to cause a segfault by sending a crafted log 'REPORT' request.
Impact Level: Application
NOTE: Configurations that allow anonymous read access to the repository are vulnerable to this without authentication.
Solution
Upgrade to Apache Subversion version 1.7.9 or later. For updates, refer to http://subversion.apache.org
Insight
The flaw is due to an error within the 'mod_dav_svn' module when handling a crafted log 'REPORT' request with a limit outside the allowed range.
Affected
Apache Subversion 1.7.0 through 1.7.8
References
Severity
Classification
- CVE: CVE-2013-1884
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Related Vulnerabilities
- Apache Subversion 'mod_dav_svn' Module Multiple DoS Vulnerabilities
- Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
- ClamAV LZH File Unpacking Denial of Service Vulnerability (Win)
- Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
- freeSSHd Pre-Authentication Error Remote DoS Vulnerability