Apache Subversion < 1.6.21 / 1.7.9 Remote Denial of Service Vulnerability
PVS ID: 8121 FAMILY: Web Servers RISK: MEDIUM NESSUS ID:Not Available
Description: Synopsis :\n\nThe remote host is running a version of Subversion's mod_dav_svn HTTPD server module that is vulnerable to denial of service.\n\nThe remote host is running a vulnerable version of Subversion's mod_dav_svn Apache server module. This issue specifically regards excessive memory usage when a large number of properties are set or deleted on a node, and an attack would require the attacker to have write access to the repository.\n\nObserved SVN module version:\n %L

Solution: Patches are available from the vendor; upgrade to version 1.6.21 / 1.7.9 or later.


Copyright Tenable Network Security Inc. 2014