
Apache Subversion < 1.6.23 / 1.7.x < 1.7.10 Multiple Vulnerabilities

High

Synopsis

The remote host is running a version of Apache Subversion that is vulnerable to multiple attack vectors.

Description

Versions of Apache Subversion prior to 1.6.23, or 1.7.x prior to 1.7.10, are affected by the following vulnerabilities:

- Remote denial-of-service vulnerabilities exist due to an error in the 'svnserve' server, as it does not properly handle aborted connection messages. (CVE-2013-1968, CVE-2013-2112)
- A command injection vulnerability exists in the 'svn-keyword-check.pl' hook script while processing filenames. (CVE-2013-2088)

Solution

Upgrade to Apache Subversion 1.7.10 or later. If 1.7.x cannot be obtained, 1.6.23 is also patched for these vulnerabilities.