Apache Subversion 1.4.x - 1.7.13 / 1.8.x < 1.8.5 Multiple DoS

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote host has an application that is affected by multiple denial
of service vulnerabilities.

Description :

The installed version of Subversion Server is affected by multiple
denial of service vulnerabilities :

- An error exists related to the 'mod_dontdothat' module
and handling relative URLs sent from serf-based
clients. (CVE-2013-4505)

- An error exists related to the 'mod_dav_svn' module and
handling unspecified requests. Note that this issue
reportedly only affects the 1.7 and 1.8 branches,
including versions 1.7.11 through 1.7.13 and 1.8.1
through 1.8.4. (CVE-2013-4558)

See also :

http://subversion.apache.org/security/CVE-2013-4505-advisory.txt
http://subversion.apache.org/security/CVE-2013-4558-advisory.txt

Solution :

Upgrade to Subversion Server 1.7.14 / 1.8.5 or later or apply the
vendor patches or workarounds.
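
An added example (not Tenable's plugin code and not Subversion project code): a version triage that maps a reported Subversion version string to the CVEs listed above, for checking an inventory against the fixed releases 1.7.14 / 1.8.5. The ranges come from this page; applying the title's overall range to CVE-2013-4505 is an assumption, and the sample banners and host names are constructed.

```python
import re

# Ranges taken from the plugin text above. Assumption: the title's overall
# range (1.4.x - 1.7.13, 1.8.x < 1.8.5) is the one applied to CVE-2013-4505.
AFFECTED = {
    "CVE-2013-4505": [((1, 4, 0), (1, 7, 13)), ((1, 8, 0), (1, 8, 4))],
    "CVE-2013-4558": [((1, 7, 11), (1, 7, 13)), ((1, 8, 1), (1, 8, 4))],
}

# First x.y.z triple that is not part of a longer dotted number.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?!\d)")


def parse_version(banner):
    """Extract the first x.y.z triple from a version banner, or None."""
    m = VERSION_RE.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None


def applicable_cves(banner):
    """Return the sorted CVE ids whose affected range contains the version."""
    version = parse_version(banner)
    if version is None:
        raise ValueError(f"no x.y.z version in {banner!r}")
    return sorted(cve for cve, ranges in AFFECTED.items()
                  if any(lo <= version <= hi for lo, hi in ranges))


def triage(banners):
    """Map host -> (version, CVE list); unparsable banners give (None, None)."""
    report = {}
    for host, banner in banners.items():
        version = parse_version(banner)
        report[host] = (version, applicable_cves(banner) if version else None)
    return report


# Constructed sample inventory (hypothetical hosts, constructed banners).
SAMPLE = {
    "build01": "svnserve, version 1.7.9 (r1462340)",
    "scm02": "svnserve, version 1.8.4 (r1534716)",
    "scm03": "svnserve, version 1.8.5 (r1542147)",
    "legacy": "version string unavailable",
}

if __name__ == "__main__":
    for host, (version, cves) in triage(SAMPLE).items():
        state = "unknown, check manually" if cves is None else (cves or "not affected")
        print(host, version, state)
```

A version match only shows that the installed release falls in an affected range; whether 'mod_dontdothat' or 'mod_dav_svn' is actually loaded still has to be confirmed from the server configuration.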

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P)
CVSS Temporal Score : 3.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 71569

Bugtraq ID: 63981, 63966

CVE ID: CVE-2013-4505, CVE-2013-4558