The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows remote attackers to cause a denial of service (memory consumption) via a large number of REPORT requests, which trigger the traversal of FSFS repository nodes.
http://lists.opensuse.org/opensuse-updates/2015-04/msg00008.html
http://subversion.apache.org/security/CVE-2015-0202-advisory.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2015:192
http://www.securityfocus.com/bid/76446
http://www.securitytracker.com/id/1032100
OR
cpe:2.3:a:apache:subversion:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:subversion:1.8.9:*:*:*:*:*:*:*
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
93992 | GLSA-201610-05 : Subversion, Serf: Multiple Vulnerabilities | Nessus | Gentoo Local Security Checks | high |
8972 | Apache Subversion 1.7.x < 1.7.20 / 1.8.x < 1.8.12 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
85632 | Amazon Linux AMI : subversion / mod_dav_svn (ALAS-2015-587) | Nessus | Amazon Linux Local Security Checks | high |
85579 | Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : subversion vulnerabilities (USN-2721-1) | Nessus | Ubuntu Local Security Checks | high |
85065 | Fedora 21 : subversion-1.8.13-7.fc21 (2015-11795) | Nessus | Fedora Local Security Checks | high |
82635 | openSUSE Security Update : subversion (openSUSE-2015-289) | Nessus | SuSE Local Security Checks | high |
82563 | Mandriva Linux Security Advisory : subversion (MDVSA-2015:192) | Nessus | Mandriva Local Security Checks | high |
82481 | FreeBSD : subversion -- DoS vulnerabilities (8e887b71-d769-11e4-b1c2-20cf30e32f6d) | Nessus | FreeBSD Local Security Checks | high |