Summary
The host is running Apache Subversion and is prone to multiple denial of service vulnerabilities.
Impact
Successful exploitation allows remote attackers to cause a segfault.
Impact Level: Application
NOTE: Configurations that allow anonymous read access to the repository are vulnerable.
Solution
Upgrade to Apache Subversion version 1.6.21 or 1.7.9 or later. For updates, refer to http://subversion.apache.org
Insight
An error within the 'mod_dav_svn' module when handling:
- 'LOCK' requests against a URL for a non-existent path or invalid activity URL that supports anonymous locks.
- 'PROPFIND' request on an activity URL.
Affected
Apache Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8
Severity
Classification
CVE: CVE-2013-1847, CVE-2013-1849
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P